UAC-0050 new campaign details | allinfosecnews.com

Jan. 30, 2024, 5:07 p.m. | /u/arieldavidpur

cybersecurity www.reddit.com

My colleague and I found an ongoing campaign in the last few days related to UAC-0050 Threat Actor

IOCs:

\---File names:---

xn--80ane1aq.7z

invoice.7z

Hashes (SHA256):

invoice.7z - df4d57ca4bf976893cdc2c191a4f0e8858088957072f5bf366f4c2f1d7ab630e

Invoice.rar - 69a4251b21e81093ae472ef68bb48d0573e122c29ae1aac58fbf7c73a4e5de87

invoice.pdf.url - c73de9036435ed3a51b4864af55b159901914ddc0e90b0ca7d954a6e500cf26f

KEY \[0-9\]{7}.txt - c1593c241a354d4727b4da88fcb8e8ff8ddf54493e0848e6aef33667b1534ff6

xn--80ane1aq.7z - 34b826565968ff34edc9617c3f6d997ce9721baf514de310d2761bc203b81f81

doc.rar - 57aaab5b85b3e0d4b6b3033d15bfbf170ab93da94188df339ef4401f76fe6762

Офіційний xn--80ane1aq.pdf.url - c73de9036435ed3a51b4864af55b159901914ddc0e90b0ca7d954a6e500cf26f

ДПСУ - КОД - \[0-9\]{7}.txt - 3a7d743cb690e0cb70dedabe39f91faa8fcabafc37ff318ad7375ab5548a3636

Subject Pattern:

Payment request

Invoices

(Ukrainian+English)

Network:

104\[.\]192\[.\]141\[.\]1

188\[.\]114\[.\]97\[.\]7

89\[.\]23\[.\]98\[.\]22 \[SMB\]

\\\\89\[.\]23\[.\]98\[.\]22\\UR\\lmncr2rs\[.\]exe

⚒ TTP's:

T1027 - Obfuscated Files or Information

T1021 - Remote Services

T1566 …

actor campaign cybersecurity doc file found hashes iocs key names pdf rar sha256 threat threat actor txt uac uac-0050 url

More from www.reddit.com / cybersecurity

What's a free SIEM tool that's compatible with Windows Server? 7 hours ago | www.reddit.com

central college console cybersecurity +12

Copilot‘s screen-snapping Recall data stored in plain text 10 hours ago | www.reddit.com

copilot cybersecurity data plain text +3

Cops Swarm Global Cybercrime Botnet Infrastructure in 2 Massive Ops 12 hours ago | www.reddit.com

botnet cops cybercrime cybersecurity +4

What are the most common IAM and PAM solutions in cybersecurity? 12 hours ago | www.reddit.com

cybersecurity cybersecurity professional goal iam +5

How does hiring in APT groups work? 13 hours ago | www.reddit.com

apt apt groups can cybersecurity +5

State of WiFi Security in 2024 14 hours ago | www.reddit.com

article cybersecurity exploiting feedback +9

Prioritize Blue Team for Cybersecurity Success 16 hours ago | www.reddit.com

blue blue team box can +16

Reported a Critical Vulnerability, Retested, and Now I Guess I'm Just Shouting Into the Void? 19 hours ago | www.reddit.com

bypass critical critical vulnerability cvss +6

NIST unveils ARIA program to evaluate and verify AI capabilities & impacts. 20 hours ago | www.reddit.com

ai capabilities aria aria program capabilities +4

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com