3 malware families

UAC-0149

Also known asUAC-0149

UAC-0149 is a Russian-attributed threat group identified as one of five groups responsible for the majority of observed Russian cyber activity against Ukraine in the first half of 2024. Reported activity is focused on Ukraine's military and defense sectors, with an emphasis on intelligence gathering. The group is described as using remote access Trojans (RATs) to compromise Windows computers used by Ukrainian Forces. No additional aliases, sub-groups, or group-specific tooling beyond this attribution and RAT usage are directly provided in the source content.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

ARSENAL

Associated malware families

3 malware families attributed to this actor across reporting.

FamilyContextEvidenceLast seen

GREYBATTLE"UNC5125 ... leveraged an Android malware called GREYBATTLE, a bespoke version of the Hydra banking trojan, to steal credentials and data..."1Mar 8, 2026

Hydra"...GREYBATTLE, a bespoke version of the Hydra banking trojan..."1Mar 8, 2026

MESSYFORK"...distributed via messaging apps malware like MESSYFORK (aka COOKBOX) to an Unmanned Aerial Vehicle (UAV) operator..."1Mar 8, 2026

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

hackreadNews

Oct 2, 2024

Russian Cyber Offensive Shifts Focus to Ukraine’s Military Infrastructure

Russian-attributed threat group conducting targeted cyber operations against Ukraine's defense and military sectors, primarily for intelligence gathering.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal3

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.