Core Werewolf hones its arsenal against Russia’s government organizations

Oct. 14, 2024, 11:15 a.m.

Description

BI.ZONE Threat Intelligence continues monitoring a threat actor called Core Werewolf, which has targeted Russia's defense industry and critical infrastructure since 2021. In its recent campaigns, the adversary employed a new loader written in AutoIt and started delivering malicious files via Telegram messenger, in addition to email. The report highlights that threat actors experiment with various malware delivery methods and update their tools to evade detection. AutoIt remains a popular language for developing malware.

Date

Published: Oct. 14, 2024, 11:03 a.m.

Created: Oct. 14, 2024, 11:03 a.m.

Modified: Oct. 14, 2024, 11:15 a.m.

Indicators

Attack Patterns

Core Werewolf

T1567

T1012

T1021

T1518

T1105

T1071

T1219

T1036

T1027

T1059

Additional Information

Defense

Government

Russian Federation