APT28: From Initial Damage to Domain Controller Threats in an Hour (CERT-UA#8399) [Thursday, December 28, 2023]

Report

Description :
Between 15 and 25 December 2023, several waves of emails carrying links to "documents" were detected being sent to government organizations; following the links led to the recipients' computers being infected with malware.

Published: 2023-12-28 22:21:43
Created: 2023-12-28 22:21:43
Modified: 2023-12-28 22:47:27

Indicators

IPv4s :
  • 194.126.178.8
  • 206.189.156.69
  • 88.209.251.6
  • 173.239.196.66
URLs :
  • http://194.126.178.8/webdav/wody.pdf
  • http://194.126.178.8/webdav/231130N581.pdf
  • http://194.126.178.8/webdav/StrategyUa.pdf
  • http://194.126.178.8/webdav/wody.zip
Domains :
  • czyrqdnvpujmmjkfhhvs4knf1av02demj.oast.fun
  • czyrqdnvpujmmjkfhhvsvlaax17vd5r6v.oast.fun
  • czyrqdnvpujmmjkfhhvsgapqr3hclnhhj.oast.fun
  • czyrqdnvpujmmjkfhhvsclx05sfi23bfr.oast.fun
Hashes :
  • 4fa8caea8002cd2247c2d5fd15d4e76762a0f0cdb7a3c9de5b7f4d6b2ab34ec6
  • 19d0c55ac466e4188c4370e204808ca0bc02bba480ec641da8190cb8aee92bdc
  • 593583b312bf48b7748f4372e6f4a560fd38e969399cf2a96798e2594a517bf4
  • 18f891a3737bb53cd1ab451e2140654a376a43b2d75f6695f3133d47a41952b6
  • c22868930c02f2d6962167198fde0d3cda78ac18af506b57f1ca25ca5c39c50d
  • fb2c0355b5c3adc9636551b3fd9a861f4b253a212507df0e346287110233dc23
  • 6d44532b1157ddc2e1f41df178ea9cbc896c19f79e78b3014073af2d8d9504fe
  • 24fd571600dcc00bf2bb8577c7e4fd67275f7d19d852b909395bebcbb1274e04
  • 6bae493b244a94fd3b268ff0feb1cd1fbc7860ecf71b1053bf43eea88e578be9

About the author
Julien B.
