UAC-0154UAC-0154

Also known as: UAC-0154

Known aliases
1

Profile

UAC-0154 is a threat actor orchestrating the STARK#VORTEX phishing campaign, specifically targeting Ukraine’s military. They employ a Microsoft Help file containing obfuscated JavaScript as a lure, disguised as a manual for Pilot-in-Command Drones, to deliver the MerlinAgent malware. This PowerShell-based RAT is heavily obfuscated and downloads a payload from a remote server, enabling full control over compromised systems. The group initially targeted Ukrainian entities using military-themed documents sent via email to @ukr.net addresses.

Aliases· 1

UAC-0154

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
UAC-0194
Actor
UAC-0102
Actor
UAC-0185
Actor
UAC-0050
Actor
UAC-0245
Actor
UAC-0215
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.