Discover and read the best of Twitter Threads about #scarab
Most recents (1)
Today CERT-UA released two new posts on recent attacks on Ukraine Gov and enterprises.
- UAC-0026 Delivering HeaderTip.
cert.gov.ua/article/38097
- UAC-0088 Attacks with DoubleZero Wiper.
cert.gov.ua/article/38088
Follow along for a quick thread:
🧵1/x
- UAC-0026 Delivering HeaderTip.
cert.gov.ua/article/38097
- UAC-0088 Attacks with DoubleZero Wiper.
cert.gov.ua/article/38088
Follow along for a quick thread:
🧵1/x
@AeonTimeline 2/x: (threads are hard, sorry)
First lets look at UAC-0026:
Some (including me at first) are associating this with Symantec 2015's post on "Scarab", who was active since 2012.
At the time they were known to target a very small amount of individuals of interest (see map)
First lets look at UAC-0026:
Some (including me at first) are associating this with Symantec 2015's post on "Scarab", who was active since 2012.
At the time they were known to target a very small amount of individuals of interest (see map)
@AeonTimeline 3/x:
Here is Symantecs old blog: web.archive.org/web/2015012402…
Unfortunately the IOC file is no longer hosted there. Luckily our friends at AT&T (Alienvault OTX) pulled the IOCs back when that blog was posted: otx.alienvault.com/pulse/54c7e1e8…
Here is Symantecs old blog: web.archive.org/web/2015012402…
Unfortunately the IOC file is no longer hosted there. Luckily our friends at AT&T (Alienvault OTX) pulled the IOCs back when that blog was posted: otx.alienvault.com/pulse/54c7e1e8…
