Tag: DarkCrystal RAT

AI-Generated Carbon Black Detection Rule for DarkCrystal RAT Campaign
AI-Generated Carbon Black Detection Rule for DarkCrystal RAT Campaign

How It Works Uncoder AI processes threat reports like CERT-UA#14045 on DarkCrystal RAT and generates Carbon Black-compatible detection logic. This feature maps observed file hashes, execution patterns, and C2 infrastructure into a rule that’s ready to deploy within Carbon Black’s behavioral telemetry stack. On the left, the threat report details the DarkCrystal campaign, including: Malicious […]

Read More
UAC-0200 Attack Detection: Cyber-Espionage Activity Targeting Defense Industry Sector and the Armed Forces of Ukraine Using DarkCrystal RAT
UAC-0200 Attack Detection: Cyber-Espionage Activity Targeting Defense Industry Sector and the Armed Forces of Ukraine Using DarkCrystal RAT

The UAC-0200 hacking group resurfaces in the cyber threat arena. CERT-UA has recently identified a surge in targeted cyber-attacks both against employees of defense industry enterprises and individual members of the Armed Forces of Ukraine leveraging DarkCrystal RAT (DCRAT).  Detect UAC-0200 Attacks Covered in the CERT-UA#14045 Alert Following the latest UAC-0173 attacks leveraging DARKCRYSTAL RAT […]

Read More
Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine
Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine

For over a decade, russia-backed Sandworm APT group (also tracked as UAC-0145, APT44) has consistently targeted Ukrainian organizations, with a primary focus on state bodies and critical infrastructure. Since the full-scale invasion, this GRU-affiliated military cyber-espionage group has intensified its attacks against Ukrainian targets. The latest malicious campaign, analyzed in February 2025, appears to have […]

Read More