Discover and read the best of Twitter Threads about #Scarab

Most recents (1)

Today CERT-UA released two new posts on recent attacks on Ukraine Gov and enterprises.

- UAC-0026 Delivering HeaderTip.
cert.gov.ua/article/38097

- UAC-0088 Attacks with DoubleZero Wiper.
cert.gov.ua/article/38088

Follow along for a quick thread:
🧵1/x
@AeonTimeline 2/x: (threads are hard, sorry)

First lets look at UAC-0026:

Some (including me at first) are associating this with Symantec 2015's post on "Scarab", who was active since 2012.

At the time they were known to target a very small amount of individuals of interest (see map)
@AeonTimeline 3/x:

Here is Symantecs old blog: web.archive.org/web/2015012402…

Unfortunately the IOC file is no longer hosted there. Luckily our friends at AT&T (Alienvault OTX) pulled the IOCs back when that blog was posted: otx.alienvault.com/pulse/54c7e1e8…
Read 20 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!