UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point - SOC Prime
Tags
country: Russia Ukraine
maec-delivery-vectors: Watering Hole
attack-pattern: Data Email Accounts - T1585.002 Email Accounts - T1586.002 Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID e7b6254f-b898-45ec-9a14-ab7d6287f666
Fingerprint d4d187f18391c7e7
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 29, 2024, 1:25 p.m.
Added to db Oct. 29, 2024, 2:32 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point
Title UAC-0001 aka APT28 Attack Detection: Leveraging PowerShell Command in Clipboard as Initial Entry Point - SOC Prime
Detected Hints/Tags/Attributes 56/3/6
Source URLs
Redirection Url
Details Source https://socprime.com/blog/uac-0001-aka-apt28-attack-detection/
URL Provider
Details Provider Source level domain
Details socprime.com socprime.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 237 SOC Prime https://socprime.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CERT Ukraine 6 
UAC-0001
Details CERT Ukraine 23 
UAC-0098
Details CVE 172 
cve-2022-30190
Details CVE 8 
cve-2023-43770
Details Domain 4 
mail.zhblz.com
Details Threat Actor Identifier - APT 783 
APT28