Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a5a90506-ea24-4cf7-9340-370d6408152e |
| Fingerprint | 1710bd908f163d89 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 13, 2022, midnight |
| Added to db | Sept. 11, 2022, 12:38 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine |
| Title | Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine |
| Detected Hints/Tags/Attributes | 53/2/26 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 172 | cve-2022-30190 |
|
| Details | Domain | 2 | kitten-268.frge.io |
|
| Details | Domain | 2 | kompartpomiar.pl |
|
| Details | Domain | 1 | mail.sartoc.com |
|
| Details | Domain | 1 | www.specialityllc.com |
|
| Details | File | 4 | threat.rtf |
|
| Details | File | 58 | document.xml |
|
| Details | File | 7 | article.html |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 1 | kompartpomiar.pl |
|
| Details | File | 25 | interop.dll |
|
| Details | File | 14 | docx.exe |
|
| Details | File | 60 | cookies.sql |
|
| Details | File | 64 | logins.json |
|
| Details | File | 36 | key3.db |
|
| Details | File | 41 | key4.db |
|
| Details | File | 10 | cert8.db |
|
| Details | File | 12 | cert9.db |
|
| Details | File | 24 | signons.sql |
|
| Details | sha256 | 2 | daaa271cee97853bf4e235b55cb34c1f03ea6f8d3c958f86728d41f418b0bf01 |
|
| Details | sha256 | 3 | 2318ae5d7c23bf186b88abecf892e23ce199381b22c8eb216ad1616ee8877933 |
|
| Details | IPv4 | 2 | 144.208.77.68 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Url | 1 | http://kitten-268.frge.io/article.html |
|
| Details | Url | 1 | http://kompartpomiar.pl/grafika/sqlite.interop.dll |
|
| Details | Url | 1 | http://kompartpomiar.pl/grafika/docx.exe |