UAC-0252 cyberattacks with SHADOWSNIFF and SALATSTEALER stealers
WHITE PetrP.73 2026-03-18 Modified: 2026-04-17
Since January 2026, CERT-UA has been monitoring a series of cyberattacks attributed to the group tracked as UAC-0252. The attacks rely on social engineering: the attackers pose as representatives of central executive authorities and regional administrations and urge targets to update mobile applications that are widely used in both the civilian and military sectors. The malicious messages often include attachments disguised as archives containing executable files, or links to legitimate websites that are vulnerable to Cross-Site Scripting (XSS). When a user follows such a link, JavaScript code may cause a harmful executable to be downloaded without the user intending it.
Indicators of Compromise (52)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2025-8088 2026-03-18