Tag: WRECKSTEEL

AI-Powered SPL Rule Generation for WRECKSTEEL IOC Detection
AI-Powered SPL Rule Generation for WRECKSTEEL IOC Detection

How It Works Uncoder AI converts complex threat intelligence—like the CERT-UA#14283 report on the WRECKSTEEL PowerShell stealer—into Splunk’s Search Processing Language (SPL) for direct deployment in security analytics workflows. It parses IOC-rich reports containing hashes, URLs, domains, and behavioral indicators to generate multi-index SPL queries aligned with Splunk’s native event and network telemetry. On the […]

Read More
AI-Generated SentinelOne DNS Query for WRECKSTEEL Detection
AI-Generated SentinelOne DNS Query for WRECKSTEEL Detection

How It Works Uncoder AI streamlines threat detection in SentinelOne by automatically transforming raw intelligence into executable event queries. In this case, it focuses on WRECKSTEEL (CERT-UA#14283), a PowerShell-based stealer campaign, by parsing dozens of malicious indicators — including over 30 domains and download URLs — and converting them into a single EventQuery targeting DNS […]

Read More
AI-Powered IOC Parsing for WRECKSTEEL Detection in CrowdStrike
AI-Powered IOC Parsing for WRECKSTEEL Detection in CrowdStrike

How It Works Uncoder AI automates the decomposition of complex IOC-driven detection logic authored in CrowdStrike Endpoint Query Language (EQL). This example centers around the CERT-UA#14283 report, targeting WRECKSTEEL — a PowerShell-based infostealer. The AI engine interprets an extensive detection rule designed to match various execution chains linked to WRECKSTEEL, enabling analysts to quickly understand […]

Read More
AI-Driven IOC Conversion for Palo Alto Cortex XSIAM Queries
AI-Driven IOC Conversion for Palo Alto Cortex XSIAM Queries

How It Works Uncoder AI translates threat intelligence into Cortex XSIAM detection logic by ingesting structured IOCs and extracting relevant execution behaviors. This example focuses on the WRECKSTEEL campaign (CERT-UA#14283), a PowerShell-based stealer that abuses native tools and network requests to exfiltrate data. On the left, Uncoder AI parses dozens of SHA256 hashes, filenames, scripts […]

Read More
UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL
UAC-0219 Attack Detection: A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL

In late March 2025, CERT-UA observed a surge in cyber-espionage operations targeting Ukraine, orchestrated by the UAC-0200 hacking group using DarkCrystal RAT. Researchers have recently uncovered at least three other cyber-espionage attacks throughout March against state bodies and critical infrastructure organizations in Ukraine, aiming to steal sensitive information from compromised systems using specialized malware. These […]

Read More