Understanding the Snake's Habits: New ReaverBits Tools in Attacks on Russian Companies

Feb. 26, 2025, 10:16 a.m.

Description

The ReaverBits cybercriminal group, active since late 2023, has been conducting targeted attacks on Russian organizations in key sectors. Their recent activities, observed between September 2024 and January 2025, showcase an evolution in their tactics and malware arsenal. The group continues to use spoofing methods in phishing attacks and stealer-class malware, but has introduced new tools including the publicly available Meduza Stealer and the unique ReaverDoor malware. Their attacks involve sophisticated infection chains, utilizing modified open-source tools as downloaders and complex encryption schemes. The group's persistence and adaptability are evident in their continued focus on Russian targets and the development of more advanced malware, indicating preparations for potentially larger-scale attacks.

Date

  • Created: Feb. 26, 2025, 9:44 a.m.
  • Published: Feb. 26, 2025, 9:44 a.m.
  • Modified: Feb. 26, 2025, 10:16 a.m.

Indicators

  • e9568cd742af5d6f2facbd789cfe349b13518524eab518e6d3bb99ac3809b6dd
  • fd97409a782b56886ee0afa33c556d943a8408c053c925d3aa4af979a4c7515d
  • dd9fa916c5f14c66b2e83243808072d2b084828167f9f2029366c91023c49532
  • d40224818c5740d0dbf5990d7d457ba64f32e5fe573da74ce6c970210f4eacca
  • d0253d173616a7e2dc12fdd10682ca2581da0ac8d4f7af6e7365a571e353398d
  • c8a9b64552498453d15fddfa92f550b178ebb4db14d7335052c1b95e681810a8
  • c2c873a1b504913d15d78683d138d066c22860ded6ffef15d4704b0798062090
  • c6ca6f9b13357b345e64ae7114278bbb8be3fdfcb84a6efb6ac3146cb05f81f4
  • afd25c8d50076ca33135a1c58c4e41648020beb11d24b85feaaaf28c668df48a
  • a6cdfba0c7cdeb09ec0cb07907a1d85040938df924b3f937f4d5e8c503b4d77d
  • a9c94fc0d0538736647fcb49891b273ed3d6166692dbe2f56a94f6a9ffacf12b
  • 97138f6ec7bcf48d15a6decb513974fd3923a59c87b46072d4cec4dcab515495
  • 94f7c56f0c6b2487fac7b51bc5e3d00525b8b3347c88b85643c596a5c225278b
  • 88b5797f60912b551a7b7e90c73e16adb4cecbb21e812857819d14b50b40e92a
  • 87e958acaff20e8cbcbf7febbf216f327ac5a8d816eafdc0f16ceee39bc2a0a4
  • 850a577ac47759faabdda4bcf39876cfcfd2ec4ec549402e1cb22b3c2f47e4b3
  • 7bef68a99e3396721ed90e5d7257da53c33aa7a2c9ea8c376922b922ee05ae89
  • 5a9a05d8b295d6c1ac506532cdbf631ad538a8e33e0d4bc9bc486851ff00cb10
  • 40cca59d4fbd36e423862f76d389d632225cb22fb28d055f021449f2db6f9e99
  • 1c0916151fecb515237bb36bc533db16449990cdcc37c3c5e801b76977d1df8e
  • 11e036461b9dfa27fda024e77cd993a2052211c87a01ef4957515fc4ae71dac2
  • 5.42.73.251
  • 62.197.48.140
  • 45.136.196.76
  • https://openmailertrack.com/pc43K9?email_from=
  • openmailertrack.com
  • alarti.ru

Attack Patterns

  • ReaverDoor
  • Meduza Stealer
  • ReaverBits
  • T1218.010
  • T1059.006
  • T1053.005
  • T1055.012
  • T1547.001
  • T1105
  • T1204
  • T1140
  • T1027
  • T1566
  • T1078

Additional Information

  • Biotechnology
  • Agriculture
  • Retail
  • Finance
  • Telecommunications
  • Russian Federation