APT28 campaign against Polish government institutions
Published 08/05/2024 15:37 · Modified 08/05/2024 17:30
Essential information
- Tags: 2024-05-03 2024-05-04 2024-05-05 2024-05-06 2024-05-07 2024-05-08 apt28 bat script campaign government headlace microsoft edge mocky phishing poland russia webhook
- Related entities: 74 observables, 4 techniques (mitre), 1 malware, 5 others
Description
The CERT Polska team is investigating a large-scale malware campaign carried out by APT28, a Russian intelligence group believed to be linked to the GRU, which has been targeting Polish government institutions in the past year.
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Observables (74)
Techniques (MITRE) (4)
Malware (1)
- Family · Published 05/08/2024 08:30 · Modified 05/08/2024 08:30
Others (5)
- Defence
- Military
- Defense
- Government
- Critical Infrastructure