Today > | 8 High | 5 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

Strikes with commercial malware against organizations in Kazakhstan

Aug. 1, 2024, 9:01 a.m.

Description

BI.ZONE experts have been monitoring the activities of a threat group called Bloody Wolf since late 2023. This group targets organizations in Kazakhstan using STRRAT, a commercial malware known as Strigoi Master. The attackers employ phishing emails posing as communications from government agencies, with attached PDFs containing malicious links. These links lead to the download of STRRAT, along with a Java installation guide required for the malware's operation. The malware exhibits various capabilities, including keylogging, data exfiltration, remote control, and encryption of user files.

Date

Published: Aug. 1, 2024, 8:56 a.m.

Created: Aug. 1, 2024, 8:56 a.m.

Modified: Aug. 1, 2024, 9:01 a.m.

Indicators

ee113a592431014f44547b144934a470a1f7ab4abec70ba1052a4feb3d15d5c6

e35370cb7c8691b5fdd9f57f3f462807b40b067e305ce30eabc16e0642eca06b

cb55cf3e486f3cbe3756b9b3abf1673099384a64127c99d9065aa26433281167

a6fb286732466178768b494103e59a9e143d77d49445a876ebd3a40904e2f0b0

25c622e702b68fd561db1aec392ac01742e757724dd5276b348c11b6c5e23e59

14ec3d03602467f8ad2e26eef7ce950f67826d23fedb16f30d5cf9c99dfeb058

00172976ee3057dd6555734af28759add7daea55047eb6f627e5491701c3ec83

91.92.240.188

185.196.10.116

egov-kz.online

Attack Patterns

Strigoi Master

STRRAT

Bloody Wolf

T1023

T1073

T1572

T1567

T1114

T1083

T1543

T1134

T1036

T1592

T1204

T1553

T1112

T1056

T1563

T1059

Additional Informations

Kazakhstan