The ticket that doesn't exist: a new threat discovered - FakeTicketer

Jan. 22, 2025, 10:16 a.m.

Description

A new threat actor named FakeTicketer has been identified by F.A.C.C.T. Threat Intelligence, operating since June 2024 with a focus on espionage. The actor targets government officials and sports functionaries using malicious software disguised as tickets for Russian Premier League football matches and rowing competitions. The malware, named Zagrebator, includes a stealer, remote access trojan (RAT), and dropper capable of stealing browser data. FakeTicketer later shifted to using official documents as lures, including school certificates and regulatory acts. The malware components, Zagrebator.Dropper, Zagrebator.RAT, and Zagrebator.Stealer, work together to infiltrate systems, exfiltrate data, and maintain persistence.

External References

https://habr.com/ru/companies/f_a_c_c_t/news/874046
https://otx.alienvault.com/pulse/6790b6b15e761078aa14238b
Tags
espionage
rat
phishing
stealer
dropper
government
2025-01-22
sports
zagrebator
zagrebator.stealer
zagrebator.dropper
zagrebator.rat

Date

  • Created: Jan. 22, 2025, 9:13 a.m.
  • Published: Jan. 22, 2025, 9:13 a.m.
  • Modified: Jan. 22, 2025, 10:16 a.m.

Attack Patterns

  • Zagrebator.Stealer
  • Zagrebator.RAT
  • Zagrebator.Dropper
  • FakeTicketer

Additional Informations

  • Sports
  • Government
  • Russian Federation