UAC-0056 cyberattack using GraphSteel and GrimPlant malware and COVID-19

released on 2022-05-03 @ 03:59:22 PM
The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) received an email from the coordinating entity with an attached XLS document, "Aid request COVID-19-04_5_22.xls", which contains a macro. If the macro is activated, it decodes the payload stored in a hidden sheet of the document, then creates the Go bootloader on disk and runs it. Subsequently, the GraphSteel (compilation date: 2022-04-21) and GrimPlant malware are downloaded and executed on the computer.