{"vulnerability": "CVE-2022-38028", "sightings": [{"uuid": "4cf50c3e-bc06-4ea0-89a7-d5d693c99403", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-04-23T18:10:02.000000Z"}, {"uuid": "1562e20c-47d6-4ee1-9025-22a7abc51dce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113526545474910695", "content": "", "creation_timestamp": "2024-11-22T12:13:31.294382Z"}, {"uuid": "1bd4c99b-8591-4dfa-be9f-2e411ffbbe83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "seen", "source": "https://gist.github.com/tradebot-elastic/0443cfb5016bed103f1940b2f336e45a", "content": "", "creation_timestamp": "2025-01-09T15:31:50.000000Z"}, {"uuid": "e52cce50-00bd-4e71-807d-03f48fe65c80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:53.000000Z"}, {"uuid": "6926a7d6-f30f-4703-b991-33c6304095ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-887b81fb-d3ea0e1ba8258ecc", "content": "", "creation_timestamp": "2025-06-01T02:57:47.388528Z"}, {"uuid": "540ee802-5bca-4890-989b-10f369760e61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "seen", "source": "https://gist.github.com/szymongluchnet/f66c882b6a5d077c0404bb5af7dc209d", "content": "", "creation_timestamp": "2025-08-28T14:29:15.000000Z"}, {"uuid": "ec8384b9-3cf9-4521-b9c0-7a421e7b8660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "seen", "source": "https://gist.github.com/Metis-Intel/b94dbfe682c0d50d18e127d4891208cb", "content": "", "creation_timestamp": "2025-12-16T03:39:35.000000Z"}, {"uuid": "b3da5450-8368-4900-a2b4-a68006bd1c5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-38028", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/261e7b79-245a-4093-b5ce-f834cfcb9c57", "content": "", "creation_timestamp": "2026-02-02T12:26:37.948151Z"}, {"uuid": "a0eebf2b-bf66-44dc-82c1-20ca29c21f25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "seen", "source": "https://t.me/malwareanalysisinua/150", "content": "APT28 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0454 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c Windows Print Spooler \u0434\u043b\u044f \u043f\u0456\u0434\u0432\u0438\u0449\u0435\u043d\u043d\u044f \u043f\u0440\u0438\u0432\u0456\u043b\u0435\u0457\u0432 \u0437\u0430 \u0434\u043e\u043f\u043e\u043c\u043e\u0433\u043e\u044e \u0440\u0430\u043d\u0456\u0448\u0435 \u043d\u0435\u0432\u0456\u0434\u043e\u043c\u043e\u0433\u043e \u0456\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0443 GooseEgg \n\nMicrosoft \u043f\u043e\u043f\u0435\u0440\u0435\u0434\u0436\u0430\u0454, \u0449\u043e \u0440\u043e\u0441\u0456\u0439\u0441\u044c\u043a\u0430 \u0433\u0440\u0443\u043f\u0430 #APT28 (\u0413\u0420\u0423 \u0432/\u0447 26165) \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0454 \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c Windows Print Spooler \u0434\u043b\u044f \u043f\u0456\u0434\u0432\u0438\u0449\u0435\u043d\u043d\u044f \u043f\u0440\u0438\u0432\u0456\u043b\u0435\u0457\u0432 \u0456 \u0432\u0438\u043a\u0440\u0430\u0434\u0435\u043d\u043d\u044f \u043e\u0431\u043b\u0456\u043a\u043e\u0432\u0438\u0445 \u0434\u0430\u043d\u0438\u0445 \u0437\u0430 \u0434\u043e\u043f\u043e\u043c\u043e\u0433\u043e\u044e \u0440\u0430\u043d\u0456\u0448\u0435 \u043d\u0435\u0432\u0456\u0434\u043e\u043c\u043e\u0433\u043e \u0456\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0443 \u0437\u043b\u043e\u043c\u0443 \u043f\u0456\u0434 \u043d\u0430\u0437\u0432\u043e\u044e GooseEgg [1].\nAPT28 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0454 \u0446\u0435\u0439 \u0456\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u043d\u043d\u044f \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0456 CVE-2022-38028 \u00ab\u043f\u0440\u0438\u043d\u0430\u0439\u043c\u043d\u0456 \u0437 \u0447\u0435\u0440\u0432\u043d\u044f 2020 \u0440\u043e\u043a\u0443 \u0456, \u043c\u043e\u0436\u043b\u0438\u0432\u043e, \u0432\u0436\u0435 \u0437 \u043a\u0432\u0456\u0442\u043d\u044f 2019 \u0440\u043e\u043a\u0443\u00bb. \u041f\u0430\u0442\u0447 \u0432\u0456\u0434 Microsoft \u0432\u0438\u0439\u0448\u043e\u0432 \u043b\u0438\u0448\u0435 \u0432 \u0436\u043e\u0432\u0442\u043d\u0456 2022. \u041a\u043e\u0440\u043f\u043e\u0440\u0430\u0446\u0456\u044f \u041c\u0430\u0439\u043a\u0440\u043e\u0441\u043e\u0444\u0442 \u043f\u043e\u043c\u0456\u0442\u0438\u043b\u0430, \u0449\u043e Forest Blizzard (APT28) \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0454 GooseEgg \u044f\u043a \u0447\u0430\u0441\u0442\u0438\u043d\u0443 \u0434\u0456\u044f\u043b\u044c\u043d\u043e\u0441\u0442\u0456 \u043f\u0440\u043e\u0442\u0438 \u0443\u043a\u0440\u0430\u0457\u043d\u0441\u044c\u043a\u0438\u0445, \u0437\u0430\u0445\u0456\u0434\u043d\u043e\u0454\u0432\u0440\u043e\u043f\u0435\u0439\u0441\u044c\u043a\u0438\u0445 \u0456 \u043f\u0456\u0432\u043d\u0456\u0447\u043d\u043e\u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u044c\u043a\u0438\u0445 \u0443\u0440\u044f\u0434\u043e\u0432\u0438\u0445, \u043d\u0435\u0443\u0440\u044f\u0434\u043e\u0432\u0438\u0445, \u043e\u0441\u0432\u0456\u0442\u043d\u0456\u0445 \u0456 \u0442\u0440\u0430\u043d\u0441\u043f\u043e\u0440\u0442\u043d\u0438\u0445 \u043e\u0440\u0433\u0430\u043d\u0456\u0437\u0430\u0446\u0456\u0439.\n\n\u0414\u043e \u0440\u0435\u0447\u0456, \u0446\u0435 \u043d\u0435 \u043f\u0435\u0440\u0448\u0430 \u0435\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0456\u044f \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u043e\u0441\u0442\u0456 \u0432 \u0446\u0456\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u0456\u0439 \u0441\u043b\u0443\u0436\u0431\u0456 \u0434\u0435\u0440\u0436\u0430\u0432\u043d\u0438\u043c\u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438. \u0423 2010 Stuxnet (NSA) \u0434\u043b\u044f \u0441\u0432\u043e\u0433\u043e \u043f\u043e\u0448\u0438\u0440\u0435\u043d\u043d\u044f \u0443 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u0456\u0439 SCADA \u043c\u0435\u0440\u0435\u0436\u0456, \u044f\u043a\u0430 \u043a\u0435\u0440\u0443\u0432\u0430\u043b\u0430 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c \u0437\u0431\u0430\u0433\u0430\u0447\u0435\u043d\u043d\u044f \u0443\u0440\u0430\u043d\u0443 \u043d\u0430 \u0444\u0430\u0431\u0440\u0438\u0446\u0456 \u0432 \u0406\u0440\u0430\u043d\u0456, \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u0430\u0432 0-day \u0432\u0440\u0430\u0437\u043b\u0438\u0432\u0456\u0441\u0442\u044c \u0443 Print Spooler Service Impersonation Vulnerability (CVE-2010-2729).\n\n\u0414\u0435\u0442\u0430\u043b\u0456 \u0437\u0430 \u043f\u043e\u0441\u0438\u043b\u0430\u043d\u043d\u044f\u043c [1]:\nhttps://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/", "creation_timestamp": "2024-04-28T12:21:10.000000Z"}, {"uuid": "c8116c64-f9c4-4b48-aeae-e89911f4a2ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/216235", "content": "https://ift.tt/AxjyO8K\nAnalyzing Forest Blizzard\u2019s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials", "creation_timestamp": "2024-04-25T04:51:47.000000Z"}, {"uuid": "596072f2-3aef-4e5c-b300-da6b7bd1b94f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "seen", "source": "https://t.me/ctinow/216074", "content": "https://ift.tt/ieb0YTP\nRussian hackers\u2019 custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)", "creation_timestamp": "2024-04-23T17:26:56.000000Z"}, {"uuid": "81018eff-3864-4492-bf85-6ef98e4a7246", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "exploited", "source": "https://t.me/ctinow/215987", "content": "https://ift.tt/Xg8NrAm\nRussia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw", "creation_timestamp": "2024-04-22T23:31:43.000000Z"}, {"uuid": "80bc7f78-8caa-48ff-908f-731ab9052b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "exploited", "source": "https://t.me/xakep_ru/15735", "content": "Microsoft: ATP28 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0431\u0430\u0433 \u0432 Windows Print Spooler \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043b\u0435\u0442\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Microsoft \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430, \u0447\u0442\u043e \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0430 APT28 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-38028 \u0432 Windows Print Spooler \u0434\u043b\u044f \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u043a\u0440\u0430\u0436\u0438 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 GooseEgg. \u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0438 \u043f\u0440\u043e\u0438\u0441\u0445\u043e\u0434\u0438\u043b\u0438 \u00ab\u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 \u0441 \u0438\u044e\u043d\u044f 2020 \u0433\u043e\u0434\u0430, \u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u0434\u0430\u0436\u0435 \u0441 \u0430\u043f\u0440\u0435\u043b\u044f 2019 \u0433\u043e\u0434\u0430\u00bb, \u0445\u043e\u0442\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u043a\u043e\u043d\u0446\u0435 2022 \u0433\u043e\u0434\u0430.\n\nhttps://xakep.ru/2024/04/24/atp28-gooseegg/", "creation_timestamp": "2024-04-24T12:45:06.000000Z"}, {"uuid": "449fddb3-e850-40e3-b7e8-ebb135170d93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "published-proof-of-concept", "source": "https://t.me/vxunderground/4320", "content": "We've updated the vx-underground Malware Analysis paper collection\n\n- 2024-01-24 - Layers of Deception: Analyzing the Complex Stages of XLoader 4.3 Malware Evolution\n\n- 2024-02-19 - Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)\n\n- 2024-03-26 - Comprehensive Analysis of EMOTET Malware: Part 1\n\n- 2024-04-13 - Analysis of malicious Microsoft office macros\n\n- 2024-04-22 - Analyzing Forest Blizzard\u2019s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials\n\n- 2024-04-29 - How to unpack Death Ransomware\n\n- 2024-05-01 - \u201cDirty stream\u201d attack: Discovering and mitigating a common vulnerability pattern in Android apps\n\n- 2024-05-08 - APT28 campaign targeting Polish government institutions", "creation_timestamp": "2024-06-07T15:28:26.000000Z"}, {"uuid": "3bc57eb4-2623-4232-8cb3-f6834d34e20a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38028", "type": "published-proof-of-concept", "source": "https://t.me/club31337/1899", "content": "https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/", "creation_timestamp": "2024-11-11T01:56:53.000000Z"}]}