New backdoor targeting Ukrainian entities with possible links to Laundry Bear

· Published 17/03/2026 11:01 · Modified 17/03/2026 11:17

Essential information

Published
17/03/2026 11:01
Modified
17/03/2026 11:17
Tags
2026-03-17, backdoor, cpl files, drillapp, edge browser, javascript, lnk files, russia, ukraine, websocket
Related entities
28 observables, 1 intrusion sets (apt), 12 techniques (mitre), 1 malware, 3 others

Description

A new campaign targeting Ukrainian entities has been identified, attributed to actors linked to . The campaign uses judicial and charity-themed lures to deploy a -based called , which runs through the . This enables various actions including file manipulation, microphone access, and webcam capture. Two variants of the campaign have been observed, with the second variant introducing additional capabilities. The attackers utilize the browser's capabilities to evade detection and gain access to sensitive resources. The campaign shares tactics with a previously reported Laundry Bear operation, leading to a low-confidence attribution to this group.

External references