Strikes with commercial malware against organizations in Kazakhstan

Aug. 1, 2024, 9:01 a.m.

Description

BI.ZONE experts have been monitoring the activities of a threat group called Bloody Wolf since late 2023. This group targets organizations in Kazakhstan using STRRAT, a commercial malware known as Strigoi Master. The attackers employ phishing emails posing as communications from government agencies, with attached PDFs containing malicious links. These links lead to the download of STRRAT, along with a Java installation guide required for the malware's operation. The malware exhibits various capabilities, including keylogging, data exfiltration, remote control, and encryption of user files.

External References

https://bi-zone.medium.com/bloody-wolf-strikes-organizations-in-kazakhstan-with-strrat-commercial-malware-c0cdff19931f
https://otx.alienvault.com/pulse/66ab4db9169a8fe22bb45c7b
Tags
phishing
data theft
remote access
2024-08-01
strrat
strigoi master

Date

  • Created: Aug. 1, 2024, 8:56 a.m.
  • Published: Aug. 1, 2024, 8:56 a.m.
  • Modified: Aug. 1, 2024, 9:01 a.m.

Indicators

  • ee113a592431014f44547b144934a470a1f7ab4abec70ba1052a4feb3d15d5c6
  • e35370cb7c8691b5fdd9f57f3f462807b40b067e305ce30eabc16e0642eca06b
  • cb55cf3e486f3cbe3756b9b3abf1673099384a64127c99d9065aa26433281167
  • a6fb286732466178768b494103e59a9e143d77d49445a876ebd3a40904e2f0b0
  • 25c622e702b68fd561db1aec392ac01742e757724dd5276b348c11b6c5e23e59
  • 14ec3d03602467f8ad2e26eef7ce950f67826d23fedb16f30d5cf9c99dfeb058
  • 00172976ee3057dd6555734af28759add7daea55047eb6f627e5491701c3ec83
  • 91.92.240.188
  • 185.196.10.116
  • egov-kz.online
Download all indicators here!

Attack Patterns

  • Strigoi Master
  • STRRAT
  • Bloody Wolf

Additional Informations

  • Kazakhstan