Strikes with commercial malware against organizations in Kazakhstan
Aug. 1, 2024, 9:01 a.m.
Description
BI.ZONE experts have been monitoring the activities of a threat group called Bloody Wolf since late 2023. The group targets organizations in Kazakhstan using STRRAT, commercial malware also known as Strigoi Master. The attackers send phishing emails posing as communications from government agencies, with attached PDFs that contain malicious links. These links lead to the download of STRRAT, along with a guide to installing Java, which the malware requires to run. The malware's capabilities include keylogging, data exfiltration, remote control, and encryption of user files.
Date
Published: Aug. 1, 2024, 8:56 a.m.
Created: Aug. 1, 2024, 8:56 a.m.
Modified: Aug. 1, 2024, 9:01 a.m.
Indicators
Attack Patterns
Strigoi Master
STRRAT
Bloody Wolf
T1023
T1073
T1572
T1567
T1114
T1083
T1543
T1134
T1036
T1592
T1204
T1553
T1112
T1056
T1563
T1059
Additional Information
Kazakhstan