Core Werewolf hones its arsenal against Russia’s government…

216.73.217.98

Core Werewolf hones its arsenal against Russia’s government organizations

· Published 14/10/2024 11:03 · Modified 14/10/2024 11:15

Essential information

Published: 14/10/2024 11:03
Modified: 14/10/2024 11:15
Tags: 2024-10-14 autoit delivery loader russia telegram
Related entities: 25 observables, 1 intrusion sets (apt), 10 techniques (mitre), 3 others

Description

BI.ZONE Threat Intelligence continues monitoring a threat actor called Core Werewolf, which has targeted Russia's defense industry and critical infrastructure since 2021. In its recent campaigns, the adversary employed a new loader written in AutoIt and started delivering malicious files via Telegram messenger, in addition to email. The report highlights that threat actors experiment with various malware delivery methods and update their tools to evade detection. AutoIt remains a popular language for developing malware.

External references

https://bi-zone.medium.com/core-werewolf-hones-its-arsenal-against-russias-government-organizations-7fbe8cc58b27
https://otx.alienvault.com/pulse/670cfa812d76d38218641eb1