APT28 campaign against Polish government institutions
May 8, 2024, 5:30 p.m.
Description
The CERT Polska team is investigating a large-scale malware campaign carried out by the Russian intelligence group APT28, which has been targeting Polish government institutions in the past year and is believed to be linked to the GRU.
Tags
Date
- Created: May 8, 2024, 3:37 p.m.
- Published: May 8, 2024, 3:37 p.m.
- Modified: May 8, 2024, 5:30 p.m.
Indicators
- fb42a4e0f2dd293fd6e7acb8d67d67698a0ae7685bc5462685acf4c2f73d0b44
- f348a0349fdec136c3ac9eaee9b8761da6bd33df82056e4dd792192731675b00
- ef67f20ff9184cab46408b27eaf12a5941c9f130be49f1c6ac421b546dac2bac
- ee433ddd5988ab7325b92378c6d3cb736ddb7f1bad75b939e8c931f417660129
- e826dc4f5c16a1802517881f32f26061a4cbc508c3f7944540a209217078aa11
- dfd1f3229f903887f2474f361a26273dc63a6221883e86c5eea2dec9521dc081
- e1069c8677d64226f7881e8504ed7a13f79f43f143842ea6c1c8b2cc680ed6c2
- d714fff643d53fdd56cf9dcb3bd265e1920c4b5f34a4668b584a0619703d8a3e
- ca700d44db08ad2ebd52278a3b303f8c13e44847a507fb317ea5dfb6cc924a76
- c968f9dd1f16a435901d2b93a028a0ae2508e943c8f480935a529826deb3dbeb
- bab7e81395e1e9ee1680c3bb702c44b1b13ee5e67fa893d765284ae168de8369
- b3e60909036c4110eb7e3d8c0b1db5be5c164fcc32056885e4f1afe561341afd
- ae4e94c5027998f4ce17343e50b935f448e099a89266f9564bd53a069da2ca9a
- 9ddf5561562a62961a6fcac1dc49633cb79f5d3c8cc9b95fd9f87e7be70d2d35
- 949b0bd52a4ed47bc4a342e5a29bff2bcdb0169d2fbf0f052509b65229e19b6e
- 96766dfbf6c661ee3e9f750696803824a04e58402c66f208835a7acebfab1cfc
- 939e664afa589272c4920b8463d80757afe5b1abd294cd9e59104c04da023364
- 85f10d3df079b4db3a83ae3c4620c58a8362df2be449f8ce830d087ab41c7a52
- 7c6689f591ce2ccd6713df62d5135820f94bdbf2e035ab70e6b3c6746865a898
- 750948489ed5b92750dc254c47b02eb595c6ffcefded6f9d14c3482a96a6e793
- 745cfce3e0242d0d5f6765b1f74608e9086d7793b45dbd1747f2d2778dec6587
- 642315d3091a3dfba6c0ed06f119fc40d21f3d84574b53e045baf8910e1fb38c
- 5d2675572e092ba9aece8c8d0b9404b3adbd27db1312cd659ba561b86301fe73
- 5883842c87ca6b59236257e15db983cc88d4948cf0d649455f8f393899673fcc
- 598a8b918d0d2908a756475aee1e9ffaa57b110d8519014a075668b8b1182990
- 52b8bfbd9ef8ecfd54e71c74a7131cb7b3cc61ea01bc6ce17cbe7aef14acc948
- 4f0f9a2076b0fd14124bed08f5fc939bada528e7a8163912a4ad1ec7687029a3
- 43ff178e428373512b83f85db32f364fc19c9a4ac7317835bd5089915b8727b5
- 4001498463dc8f8010ef1cc803b67ac434ff26d67d132933a187697aa2e88ef1
- 38ae06833528db02cb3a315d96ad2a664b732b5620675028a8c5e059e820514f
- 351f10d7df282afed4558d765aa5018af0711fa4f37fa7eb82716313f4848a2f
- 34cabc0ff2f216830ffe217e8f8d0fa4b7d3a167576745aba48b7e62f546207b
- 2bd9591bea6b1f4128e4819e3888b45b193d5a2722672b839ad7ae120bf9af3d
- 158d49cce44968ddd028b1ef5ebc2a5183a31f05707f9dc699f0c47741be84db
- 0873a19d278a7a8e8cff2dc2e7edbfddc650d8ea961162a6eb3cb3ea14665983
- 07e539373177801e3fc5427bf691c0315a23b527d39e756daad6a9fc48e846bc
- https://webhook.site/f97bcee0-0d91-4503-a30c-027f1b34820f
- https://webhook.site/efb79108-a2b5-4cba-844d-6352bb8fad8c
- https://webhook.site/e13d23aa-b6f8-4491-9adc-71f7f8c438df
- https://webhook.site/dee016bf-21a2-45dd-86b4-6099747794c4^'^
- https://webhook.site/dee016bf-21a2-45dd-86b4-6099747794c4
- https://webhook.site/c618ea32-2923-4c12-8151-8d0002b56af0
- https://webhook.site/c1112bb3-0e6e-4ba4-abe7-fb31388b47ad
- https://webhook.site/bec23763-b8d9-4191-99ba-04a4a163b4de
- https://webhook.site/bc349b93-b047-42f8-a421-d45e3ec94dc5
- https://webhook.site/b10bd697-1a9f-4ec7-aa2f-1fa84ad916a1
- https://webhook.site/9c87649c-220d-425d-8331-ffc8d9b94a38
- https://webhook.site/9a9cdaf8-120c-4de9-b17a-d6d8e2796a3b
- https://webhook.site/90fea98f-fbdb-4847-be03-409d02a43caf
- https://webhook.site/7674f06b-e435-4470-a594-6d59578c552d
- https://webhook.site/66ea3bbc-29dc-4ece-b804-71c6ec7b77b6
- https://webhook.site/5e4c7949-30a2-4477-9e9b-e8828fc76a1b
- https://webhook.site/5a8758c6-5702-4fea-9d5e-4fbdb6dd795f
- https://webhook.site/577b82c3-7249-44e9-9353-5eab106fead6
- https://webhook.site/5100fcc0-f6be-4b09-8c58-5a8a6706ec4f
- https://webhook.site/508da0df-7ec9-420e-b1fe-958fbbe699d1
- https://webhook.site/4fe5885c-f2f6-4905-8bc7-aef1a046a134
- https://webhook.site/4ba464d9-0675-4a7a-9966-8f84e93290ba
- https://webhook.site/3f396db1-2016-4b69-9ec3-ffc417d5f3aa
- https://webhook.site/2d07e34c-3dd3-45e8-865c-3888a65ab885
- https://webhook.site/1658772a-4de8-4368-a604-980c90b0a1ed
- https://webhook.site/127df518-52be-46c5-bbb2-0479f4b9693b
- https://webhook.site/0ef0dcf7-f258-4d02-b274-cbf62a2000cf
- https://webhook.site/0d2dc90e-2d5e-49f8-8249-d7ab955c387a
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=f97bcee0-0d91-4503-a30c-027f1b34820f
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=efb79108-a2b5-4cba-844d-6352bb8fad8c
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=c1112bb3-0e6e-4ba4-abe7-fb31388b47ad
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=bc349b93-b047-42f8-a421-d45e3ec94dc5
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5100fcc0-f6be-4b09-8c58-5a8a6706ec4f
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=5e4c7949-30a2-4477-9e9b-e8828fc76a1b
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=508da0df-7ec9-420e-b1fe-958fbbe699d1
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=2d07e34c-3dd3-45e8-865c-3888a65ab885
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=1658772a-4de8-4368-a604-980c90b0a1ed
- https://run.mocky.io/v3/87f277a5-a081-4976-8e12-351b6c02a903?q=127df518-52be-46c5-bbb2-0479f4b9693b
Attack Patterns
- HEADLACE
- T1557
- T1102
- T1204
- T1566
Additional Informations
- Defence
- Military
- Defense
- Government
- Critical Infrastructure