UAC-0149

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

UAC-0149 is a threat actor targeting the Armed Forces of Ukraine with COOKBOX malware. They use obfuscation techniques like character encoding and base64 encoding to evade detection. The group leverages dynamic DNS services and Cloudflare Workers for their C2 infrastructure.

References (2)

socprime.com - Uac 0149 Attack Detection Hackers Launch A Targeted Attack Against The Armed Forces Of Ukraine As Cert Ua Reports
cert.gov.ua - 6277849

Metadata

ID:	671
Created:	13/01/2026 17:48
Updated:	09/03/2026 16:00