SYMBOLCOMMON_NAMEaka. SYNONYMS

UAC-0149  (Back to overview)


UAC-0149 is a threat actor targeting the Armed Forces of Ukraine with COOKBOX malware. They use obfuscation techniques like character encoding and base64 encoding to evade detection. The group leverages dynamic DNS services and Cloudflare Workers for their C2 infrastructure.

Associated Families
ps1.cookbox
References
2024-05-30CloudflareCloudforce One
Disrupting FlyingYeti's campaign targeting Ukraine
COOKBOX FlyingYeti
2024-04-18Cert-UACert-UA
UAC-0149 cyberattack exploiting Signal, CVE-2023-38831 vulnerability, and COOKBOX malware (CERT-UA#9522)
COOKBOX
Credits: MISP Project