Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software
Common Information
Type Value
UUID de3cf7ab-e2bf-46e3-9a3d-50e8cb238e21
Fingerprint 3138b6bd6f3b86af
Analysis status DONE
Considered CTI value 2
Text language
Published March 15, 2022, midnight
Added to db Sept. 11, 2022, 12:47 p.m.
Last updated Nov. 17, 2024, 5:46 p.m.
Headline Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software
Title Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software
Detected Hints/Tags/Attributes 35/3/23
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 49
UAC-0056
Details Domain 1
dictionary-translator.eu
Details Domain 5
windows.security
Details File 5
microsoft-cortana.exe
Details File 5
oracle-java.exe
Details File 1
dictionary-translator.exe
Details File 1
tmpj43i5czq.exe
Details File 4
java-sdk.exe
Details File 7
credentials.pas
Details IPv4 2
91.242.229.35
Details Mandiant Uncategorized Groups 37
UNC2589
Details Url 1
https://dictionary-translator.eu/program/dictionary-translator.exe
Details Url 1
http://91.242.229.35:443/i
Details Windows Registry Key 1
HKCU\Software\SimonTatham\Putty\Sessions