Source |
Cyble |
Identifier |
8654232 |
Publication date |
2025-03-06 11:50:55 (viewed: 2025-03-06 12:09:35) |
Title |
UAC-0173 Resumes Cyberattacks Against Ukrainian Notary Offices Using DARKCRYSTALRAT Malware |
Text |
Attack vector and execution
Starting in late January 2025, UAC-0173 intensified its phishing campaigns. On February 11, the attackers distributed malicious emails impersonating the Ministry of Justice of Ukraine. These emails contained links to executable files, such as:
haka3.exe
Ordonnance du ministère de la Justice du 10 février 2025 n ° 43613.1-03.exe
pour votre information.exe
Execution of these files infects the system with DarkCrystalRAT (DCRat), granting the attackers initial access to the compromised machine.
Tactics, techniques and procedures (TTPs)
|
Notes |
★★★
|
Sent |
Yes |
Tags |
Malware
Tool
Threat
|
Stories |
|