UNC5174

Reports: 3
First seen: Nov 1
Last seen: May 5
Motivation: espionage, financial

Targeting

Sectors
government ×1

Top ATT&CK techniques

T1190 Exploit Public-Facing Application ×3
T1566 Phishing ×2
T1486 Data Encrypted for Impact ×2
T1570 Lateral Tool Transfer ×1
T1070.001 Indicator Removal: Clear Windows Event Logs ×1
T1003 OS Credential Dumping ×1
T1053 Scheduled Task/Job ×1
T1047 Windows Management Instrumentation ×1
T1555 Credentials from Password Stores ×1
T1598 Phishing for Information ×1
T1021 Remote Services ×1
T1505.003 Web Shell ×1

Indicators

filename ×39
hash_sha256 ×31
url ×13
ip_v4 ×10
domain ×9
cve ×5

Indicator values are available on Pro and via the API.

Associated CVEs

Recent reports

This page shows data on a 7-day delay. Free accounts get the full delayed feed; real-time reports, indicators, and the API start at $29/mo.