216.73.216.86

Head Mare: adventures of a unicorn in Russia and Belarus

· Published 02/09/2024 20:52 · Modified 02/09/2024 21:54

Export JSON

Essential information

Published
02/09/2024 20:52
Modified
02/09/2024 21:54
Tags
2024-09-02 CVE-2023-38831 babuk babyk belarus hacktivists lockbit phantomcore phantomdl phishing ransomware russia vasa locker
Related entities
1 vulnerabilities (cve), 52 observables, 1 intrusion sets (apt), 17 techniques (mitre), 6 malware, 6 others

Description

Head Mare is a hacktivist group targeting companies in and since 2023. They use campaigns exploiting the vulnerability in WinRAR for initial access. Their toolkit includes custom malware like and , as well as publicly available tools like Sliver, Mimikatz, and variants and . The group's goal appears to be causing maximum damage to Russian and Belarusian organizations, though they also demand ransoms. Head Mare uses various techniques for persistence, detection evasion, credential harvesting, and network exploration. Their attacks have impacted government, transportation, energy, manufacturing, and entertainment sectors.

External references