A criminal group, UAC-0173, has resumed cyberattacks targeting notaries in Ukraine to gain unauthorized access to state registers. The attackers use phishing emails with malicious executable files to infect computers with DARKCRYSTALRAT malware. They then install additional tools like RDPWRAPPER and BORE for remote access, and employ various programs to bypass security measures and steal authentication data. The group uses compromised computers to send further malicious emails. CERT-UA, with the help of the Notary Chamber of Ukraine, has identified affected computers in six regions and prevented unauthorized actions. Authorities urge notaries to remain vigilant and report suspicious activities immediately.
Author: AlienVault
Related Tags:
BORE
RDPWRAPPER
DARKCRYSTALRAT
peaklight
DCRat
T1555
T1133
T1074
T1078
Associated Indicators: