Kampania APT28 skierowana przeciwko polskim instytucjom rządowym
Tags
| attack-pattern: | Data Dll Side-Loading - T1574.002 Social Media - T1593.001 Dll Side-Loading - T1073 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | 3ebce806-c673-44c5-9cf2-bf1ce2a26f20 |
| Fingerprint | 4ada588f3840a47 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 8, 2024, midnight |
| Added to db | Oct. 1, 2024, 3:41 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | CERT Polska w social mediach |
| Title | Kampania APT28 skierowana przeciwko polskim instytucjom rządowym |
| Detected Hints/Tags/Attributes | 26/1/136 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Redirection | https://cert.pl/posts/2024/05/apt28-kampania |
| Details | Source | https://cert.pl/posts/2024/05/apt28-kampania/ |
URL Provider
| Details | Provider | Source level domain |
|---|---|---|
| Details | cert.pl | cert.pl |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 6 | run.mocky.io |
|
| Details | Domain | 50 | webhook.site |
|
| Details | Domain | 2 | img-238279780.zip |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 2 | uaxhexd.tab |
|
| Details | Domain | 49 | xhr.open |
|
| Details | Domain | 123 | ipinfo.io |
|
| Details | Domain | 2 | img-1030873974629655576.zip |
|
| Details | Domain | 2 | img-7214532.zip |
|
| Details | Domain | 2 | img-810629002957075004.zip |
|
| Details | Domain | 2 | img-368912.zip |
|
| Details | Domain | 2 | img-451458326.zip |
|
| Details | Domain | 2 | img-0601181.zip |
|
| Details | Domain | 2 | img-89848928.zip |
|
| Details | Domain | 2 | img-3907894910429.zip |
|
| Details | File | 2 | img-238279780.zip |
|
| Details | File | 2 | img-238279780.jpg |
|
| Details | File | 23 | windowscodecs.dll |
|
| Details | File | 2 | %userprofile%\downloads\img-63492336968.jpg |
|
| Details | File | 2 | dee016bf-21a2-45dd-86b4-6099747794c4.bat |
|
| Details | File | 2 | %programdata%\dee016bf-21a2-45dd-86b4-6099747794c4.vbs |
|
| Details | File | 128 | msedge.exe |
|
| Details | File | 2 | %programdata%\dee016bf-21a2-45dd-86b4-6099747794c4.bat |
|
| Details | File | 2 | string.raw |
|
| Details | File | 2 | %programdata%\uaxhexd.tab |
|
| Details | File | 2 | %programdata%\bwjxyeysed.dif |
|
| Details | File | 2 | %programdata%\nydgflyhuv.html |
|
| Details | File | 2 | nydgflyhuv.html |
|
| Details | File | 2 | img-1030873974629655576.zip |
|
| Details | File | 2 | bcpcn.bat |
|
| Details | File | 2 | img-1030873974629655576.jpg |
|
| Details | File | 2 | kpqsklcrdsonoknaote.css |
|
| Details | File | 2 | img-7214532.zip |
|
| Details | File | 2 | zdesdyf.bat |
|
| Details | File | 2 | hjpxswjdkayzwfphx.bat |
|
| Details | File | 2 | vngradn.css |
|
| Details | File | 2 | img-810629002957075004.zip |
|
| Details | File | 2 | yvrlqpkgngppjp.bat |
|
| Details | File | 2 | img-810629002957075004.jpg |
|
| Details | File | 2 | ovhupm.css |
|
| Details | File | 2 | img-368912.zip |
|
| Details | File | 2 | udkozfnsljmbpjs.bat |
|
| Details | File | 2 | img-368912.jpg |
|
| Details | File | 2 | wrkybdizscvb.css |
|
| Details | File | 2 | img-451458326.zip |
|
| Details | File | 2 | illgvjrfyevoqxk.bat |
|
| Details | File | 2 | img-451458326.jpg |
|
| Details | File | 2 | mzmtfylpywlyurkcd.css |
|
| Details | File | 2 | img-0601181.zip |
|
| Details | File | 2 | hzjtajjklr.bat |
|
| Details | File | 2 | img-0601181.jpg |
|
| Details | File | 2 | daukbpnawvkfcjcfzu.css |
|
| Details | File | 2 | img-89848928.zip |
|
| Details | File | 2 | jxfgibtfxiewsdvmeg.bat |
|
| Details | File | 2 | img-89848928.jpg |
|
| Details | File | 2 | cvywrkrhhfzza.css |
|
| Details | File | 2 | img-3907894910429.zip |
|
| Details | File | 2 | bmpxjphdzwommblflx.bat |
|
| Details | File | 2 | img-3907894910429.jpg |
|
| Details | File | 2 | qseybqanfkus.css |
|
| Details | sha256 | 2 | 2bd9591bea6b1f4128e4819e3888b45b193d5a2722672b839ad7ae120bf9af3d |
|
| Details | sha256 | 2 | 52b8bfbd9ef8ecfd54e71c74a7131cb7b3cc61ea01bc6ce17cbe7aef14acc948 |
|
| Details | sha256 | 2 | 4001498463dc8f8010ef1cc803b67ac434ff26d67d132933a187697aa2e88ef1 |
|
| Details | sha256 | 2 | 158d49cce44968ddd028b1ef5ebc2a5183a31f05707f9dc699f0c47741be84db |
|
| Details | sha256 | 2 | 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364 |
|
| Details | sha256 | 2 | 7c6689f591ce2ccd6713df62d5135820f94bdbf2e035ab70e6b3c6746865a898 |
|
| Details | sha256 | 2 | c968f9dd1f16a435901d2b93a028a0ae2508e943c8f480935a529826deb3dbeb |
|
| Details | sha256 | 2 | 34cabc0ff2f216830ffe217e8f8d0fa4b7d3a167576745aba48b7e62f546207b |
|
| Details | sha256 | 2 | e1069c8677d64226f7881e8504ed7a13f79f43f143842ea6c1c8b2cc680ed6c2 |
|
| Details | sha256 | 2 | 43ff178e428373512b83f85db32f364fc19c9a4ac7317835bd5089915b8727b5 |
|
| Details | sha256 | 2 | ca700d44db08ad2ebd52278a3b303f8c13e44847a507fb317ea5dfb6cc924a76 |
|
| Details | sha256 | 2 | bab7e81395e1e9ee1680c3bb702c44b1b13ee5e67fa893d765284ae168de8369 |
|
| Details | sha256 | 2 | 38ae06833528db02cb3a315d96ad2a664b732b5620675028a8c5e059e820514f |
|
| Details | sha256 | 2 | ee433ddd5988ab7325b92378c6d3cb736ddb7f1bad75b939e8c931f417660129 |
|
| Details | sha256 | 2 | 9ddf5561562a62961a6fcac1dc49633cb79f5d3c8cc9b95fd9f87e7be70d2d35 |
|
| Details | sha256 | 2 | dfd1f3229f903887f2474f361a26273dc63a6221883e86c5eea2dec9521dc081 |
|
| Details | sha256 | 2 | 949b0bd52a4ed47bc4a342e5a29bff2bcdb0169d2fbf0f052509b65229e19b6e |
|
| Details | sha256 | 2 | 642315d3091a3dfba6c0ed06f119fc40d21f3d84574b53e045baf8910e1fb38c |
|
| Details | sha256 | 2 | fb42a4e0f2dd293fd6e7acb8d67d67698a0ae7685bc5462685acf4c2f73d0b44 |
|
| Details | sha256 | 2 | 07e539373177801e3fc5427bf691c0315a23b527d39e756daad6a9fc48e846bc |
|
| Details | sha256 | 2 | 5d2675572e092ba9aece8c8d0b9404b3adbd27db1312cd659ba561b86301fe73 |
|
| Details | sha256 | 2 | f348a0349fdec136c3ac9eaee9b8761da6bd33df82056e4dd792192731675b00 |
|
| Details | sha256 | 2 | 351f10d7df282afed4558d765aa5018af0711fa4f37fa7eb82716313f4848a2f |
|
| Details | sha256 | 2 | 85f10d3df079b4db3a83ae3c4620c58a8362df2be449f8ce830d087ab41c7a52 |
|
| Details | sha256 | 2 | 745cfce3e0242d0d5f6765b1f74608e9086d7793b45dbd1747f2d2778dec6587 |
|
| Details | sha256 | 2 | 598a8b918d0d2908a756475aee1e9ffaa57b110d8519014a075668b8b1182990 |
|
| Details | sha256 | 2 | ef67f20ff9184cab46408b27eaf12a5941c9f130be49f1c6ac421b546dac2bac |
|
| Details | sha256 | 2 | 96766dfbf6c661ee3e9f750696803824a04e58402c66f208835a7acebfab1cfc |
|
| Details | sha256 | 2 | 4f0f9a2076b0fd14124bed08f5fc939bada528e7a8163912a4ad1ec7687029a3 |
|
| Details | sha256 | 2 | ae4e94c5027998f4ce17343e50b935f448e099a89266f9564bd53a069da2ca9a |
|
| Details | sha256 | 2 | d714fff643d53fdd56cf9dcb3bd265e1920c4b5f34a4668b584a0619703d8a3e |
|
| Details | sha256 | 2 | b3e60909036c4110eb7e3d8c0b1db5be5c164fcc32056885e4f1afe561341afd |
|
| Details | sha256 | 2 | 5883842c87ca6b59236257e15db983cc88d4948cf0d649455f8f393899673fcc |
|
| Details | sha256 | 2 | 0873a19d278a7a8e8cff2dc2e7edbfddc650d8ea961162a6eb3cb3ea14665983 |
|
| Details | sha256 | 2 | e826dc4f5c16a1802517881f32f26061a4cbc508c3f7944540a209217078aa11 |
|
| Details | sha256 | 2 | 750948489ed5b92750dc254c47b02eb595c6ffcefded6f9d14c3482a96a6e793 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Url | 2 | https://webhook.site/dee016bf-21a2-45dd-86b4-6099747794c4^'^);xhr.setrequestheader |
|
| Details | Url | 9 | https://ipinfo.io |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=2d07e34c |
|
| Details | Url | 2 | https://webhook.site/2d07e34c-3dd3-45e8-865c-3888a65ab885 |
|
| Details | Url | 2 | https://webhook.site/4ba464d9-0675-4a7a-9966-8f84e93290ba |
|
| Details | Url | 2 | https://webhook.site/577b82c3-7249-44e9-9353-5eab106fead6 |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=127df518 |
|
| Details | Url | 2 | https://webhook.site/127df518-52be-46c5-bbb2-0479f4b9693b |
|
| Details | Url | 2 | https://webhook.site/0ef0dcf7-f258-4d02-b274-cbf62a2000cf |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=c1112bb3 |
|
| Details | Url | 2 | https://webhook.site/c1112bb3-0e6e-4ba4-abe7-fb31388b47ad |
|
| Details | Url | 2 | https://webhook.site/3f396db1-2016-4b69-9ec3-ffc417d5f3aa |
|
| Details | Url | 2 | https://webhook.site/66ea3bbc-29dc-4ece-b804-71c6ec7b77b6 |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=efb79108 |
|
| Details | Url | 2 | https://webhook.site/efb79108-a2b5-4cba-844d-6352bb8fad8c |
|
| Details | Url | 2 | https://webhook.site/9c87649c-220d-425d-8331-ffc8d9b94a38 |
|
| Details | Url | 2 | https://webhook.site/c618ea32-2923-4c12-8151-8d0002b56af0 |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=f97bcee0 |
|
| Details | Url | 2 | https://webhook.site/f97bcee0-0d91-4503-a30c-027f1b34820f |
|
| Details | Url | 2 | https://webhook.site/9a9cdaf8-120c-4de9-b17a-d6d8e2796a3b |
|
| Details | Url | 2 | https://webhook.site/e13d23aa-b6f8-4491-9adc-71f7f8c438df |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5e4c7949 |
|
| Details | Url | 2 | https://webhook.site/5e4c7949-30a2-4477-9e9b-e8828fc76a1b |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5100fcc0 |
|
| Details | Url | 2 | https://webhook.site/5100fcc0-f6be-4b09-8c58-5a8a6706ec4f |
|
| Details | Url | 2 | https://webhook.site/7674f06b-e435-4470-a594-6d59578c552d |
|
| Details | Url | 2 | https://webhook.site/dee016bf-21a2-45dd-86b4-6099747794c4 |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=508da0df |
|
| Details | Url | 2 | https://webhook.site/508da0df-7ec9-420e-b1fe-958fbbe699d1 |
|
| Details | Url | 2 | https://webhook.site/bec23763-b8d9-4191-99ba-04a4a163b4de |
|
| Details | Url | 2 | https://webhook.site/90fea98f-fbdb-4847-be03-409d02a43caf |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=bc349b93 |
|
| Details | Url | 2 | https://webhook.site/bc349b93-b047-42f8-a421-d45e3ec94dc5 |
|
| Details | Url | 2 | https://webhook.site/5a8758c6-5702-4fea-9d5e-4fbdb6dd795f |
|
| Details | Url | 2 | https://webhook.site/b10bd697-1a9f-4ec7-aa2f-1fa84ad916a1 |
|
| Details | Url | 2 | https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=1658772a |
|
| Details | Url | 2 | https://webhook.site/1658772a-4de8-4368-a604-980c90b0a1ed |
|
| Details | Url | 2 | https://webhook.site/4fe5885c-f2f6-4905-8bc7-aef1a046a134 |
|
| Details | Url | 2 | https://webhook.site/0d2dc90e-2d5e-49f8-8249-d7ab955c387a |