Sunday, December 31, 2023

Modus operandi of UAC-0177 (JokerDPR), illustrated by one of its cyber attacks


IoC


REFERENCES

  • https://cert.gov.ua/article/6276799
  • https://otx.alienvault.com/pulse/6584684fa9224d5643a0e891

TAGS

phishing, credential stealing
