IOC Radar
TLP:WHITE · 14 IOCs

UAC-0184: From HTA to a Signed Network Stack

Synaptic Systems
Published May 18, 2026 · Original Report

Threat Actors

Diamond Model

Axes: social, technology
Adversary (2): APT28, Gamaredon
Infrastructure (5): http://169.40.135.35/… (three entries displayed, paths truncated)
Capability: unknown
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

14 indicators


IOC Relationship Graph

[Graph: 14 total IOCs (9 SHA256, 5 URL) linked to the report "UAC-0184: From HTA to a Si…" and to 2 actors, APT28 and Gamaredon]