
UAC-0184


UAC-0184 is a threat actor targeting Ukrainian organizations in Finland, using the Remcos Remote Access Trojan in their attacks. They have been observed utilizing steganographic image files and the IDAT Loader to deliver the malware. The group has targeted the Armed Forces of Ukraine and impersonated military recruitment processes to infect systems with the Remcos RAT.


Associated Families

There are currently no families associated with this actor.


References
2024-02-26 | Morphisec | Michael Dereviashkin
Unveiling UAC-0184: The Steganography Saga of the IDAT Loader Delivering Remcos RAT to a Ukraine Entity in Finland
SystemBC Babadeda DanaBot HijackLoader Remcos SystemBC UAC-0184
2024-01-06 | Cert-UA | Cert-UA
UAC-0184: Targeted attacks against Ukrainian military personnel using the topic of recruiting to the 3rd Infantry Brigade and the IDF (CERT-UA#8386)
Remcos UAC-0184

Credits: MISP Project