all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

UAC-0050 new ongoing campaign details

Add to bookmarks
Jan. 30, 2024, 5:08 p.m. | /u/arieldavidpur

Malware Analysis & Reports www.reddit.com

My colleague and I found an ongoing campaign in the last few days related to UAC-0050 Threat Actor



IOCs:

\---File names:---

xn--80ane1aq.7z

invoice.7z



Hashes (SHA256):

invoice.7z - df4d57ca4bf976893cdc2c191a4f0e8858088957072f5bf366f4c2f1d7ab630e

Invoice.rar - 69a4251b21e81093ae472ef68bb48d0573e122c29ae1aac58fbf7c73a4e5de87

invoice.pdf.url - c73de9036435ed3a51b4864af55b159901914ddc0e90b0ca7d954a6e500cf26f

KEY \[0-9\]{7}.txt - c1593c241a354d4727b4da88fcb8e8ff8ddf54493e0848e6aef33667b1534ff6

xn--80ane1aq.7z - 34b826565968ff34edc9617c3f6d997ce9721baf514de310d2761bc203b81f81

doc.rar - 57aaab5b85b3e0d4b6b3033d15bfbf170ab93da94188df339ef4401f76fe6762

Офіційний xn--80ane1aq.pdf.url - c73de9036435ed3a51b4864af55b159901914ddc0e90b0ca7d954a6e500cf26f

ДПСУ - КОД - \[0-9\]{7}.txt - 3a7d743cb690e0cb70dedabe39f91faa8fcabafc37ff318ad7375ab5548a3636



Subject Pattern:

Payment request

Invoices

(Ukrainian+English)



Network:

104\[.\]192\[.\]141\[.\]1

188\[.\]114\[.\]97\[.\]7

89\[.\]23\[.\]98\[.\]22 \[SMB\]

\\\\89\[.\]23\[.\]98\[.\]22\\UR\\lmncr2rs\[.\]exe



⚒ TTP's:

T1027 - Obfuscated Files or Information

T1021 - Remote Services

T1566 …

actor campaign doc file found hashes iocs key malware names pdf rar sha256 threat threat actor txt uac uac-0050 url

Visit resource

More from www.reddit.com / Malware Analysis & Reports

Phising opensea 1 day, 1 hour ago | www.reddit.com
mail malware opensea phishing +1
Understanding How CVEProject/cvelistV5 Works 3 days, 8 hours ago | www.reddit.com
api cve cves etc +18
[Video] Triaging Files on VirusTotal 1 week, 1 day ago | www.reddit.com
files malware video virustotal
Need recommendations for Premium Tools 1 week, 1 day ago | www.reddit.com
analysis atm budget can +12
Are hidden incoming SMS common for C&C? 1 week, 3 days ago | www.reddit.com
account android android malware carrier +12
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters 1 week, 3 days ago | www.reddit.com
attackers clusters critical exploiting +5
A Powerful tracing engine based on Qemu 2 weeks ago | www.reddit.com
binary called can case +20
[Fixed] Coding The Rat King: A Multi-Family Malware Configuration Parser 2 weeks, 2 days ago | www.reddit.com
code coding configuration family +5
Dynamic Malware Analysis of Konni RAT Malware APT37 With Any.Run 3 weeks ago | www.reddit.com
advanced amp analysis any.run +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City
View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States
View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States
View on infosec-jobs.com
View more jobs