UNG0801: Tracking Threat Clusters obsessed with AV Icon Spoofing targeting Israel
ID: 73dd2d6d-4d14-526b-8272-fee12bdb83df
STIX ID: report--73dd2d6d-4d14-526b-8272-fee12bdb83df
Feed Name: Seqrite Blog
SEQRITE Labs documents Operation IconCat (UNG0801), a targeted spear-phishing campaign against Israeli enterprise organizations that uses Hebrew-language social engineering and antivirus-icon spoofing to deliver two distinct implants: PYTRIC (a PyInstaller-packaged Python wiper distributed via a malicious PDF and a Dropbox link) and RUSTRIC (a Rust implant delivered via malicious Word macros that enumerates installed AV/EDR products and connects to C2). The report provides technical analysis of the payloads, infrastructure and C2 artifacts, IOCs (hashes, domains, IPs), and a mapped MITRE ATT&CK matrix, and concludes that the activity resembles APT-style operations with both destructive and espionage objectives.
