{
  "name": "Scaly Wolf\u2019s new loader: the right tool for the wrong job",
  "slug": "scaly-wolfs-new-loader-the-right-tool-for-the-wrong-job",
  "description": "The report analyzes a recent campaign by the Scaly Wolf threat group targeting organizations in Russia and Belarus. The group sends phishing emails that are disguised as communications from government agencies and that contain legitimate documents and password-protected archives with malicious executables. The executable is a loader that injects the White Snake stealer malware into the explorer.exe process; it evades detection by performing anti-virtualization checks and by making kernel calls instead of WinAPI calls. The White Snake malware harvests credentials and sensitive data from compromised systems.",
  "published": "2024-05-02T12:48:51+00:00",
  "created_at": "2024-05-02T12:48:51+00:00",
  "modified_at": "2024-05-02T13:17:25+00:00",
  "created_at_opencti": "2024-05-02T12:48:51+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "infostealer",
    "phishing",
    "white snake",
    "winapi"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "66.42.56.128"
      },
      {
        "id": "",
        "name": "64.227.21.98"
      },
      {
        "id": "",
        "name": "45.61.136.52"
      },
      {
        "id": "",
        "name": "45.61.136.13"
      },
      {
        "id": "",
        "name": "23.248.176.37"
      },
      {
        "id": "",
        "name": "23.224.102.6"
      },
      {
        "id": "",
        "name": "216.250.190.139"
      },
      {
        "id": "",
        "name": "212.6.44.53"
      },
      {
        "id": "",
        "name": "206.189.109.146"
      },
      {
        "id": "",
        "name": "193.142.58.127"
      },
      {
        "id": "",
        "name": "192.99.196.191"
      },
      {
        "id": "",
        "name": "185.217.98.121"
      },
      {
        "id": "",
        "name": "185.119.118.59"
      },
      {
        "id": "",
        "name": "164.90.185.9"
      },
      {
        "id": "",
        "name": "154.26.128.6"
      },
      {
        "id": "",
        "name": "149.88.44.159"
      },
      {
        "id": "",
        "name": "144.126.132.141"
      },
      {
        "id": "",
        "name": "116.202.101.219"
      },
      {
        "id": "",
        "name": "107.161.20.142"
      },
      {
        "id": "",
        "name": "104.248.208.221"
      },
      {
        "id": "",
        "name": "cbabd91fb0c1c83867f71e8df19c131ac6fb3b3f3f74765bc24924cb9d51ad41"
      },
      {
        "id": "",
        "name": "93948c7fb89059e1f63af04feef0a0834b65b18ffaf6610b419adbc0e271e23d"
      },
      {
        "id": "",
        "name": "10330fcc378db73346501b2a26d2c749f51cacd962b54c62aa017dd9c1ed77c3"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:b9d926d89f1058d6",
        "name": "White Snake",
        "slug": "white-snake"
      }
    ],
    "intrusion_sets": [
      {
        "id": "eeae0e38-0a41-4406-bd09-4379e2e7acd1",
        "name": "Scaly Wolf",
        "slug": "scaly-wolf"
      }
    ],
    "attack_patterns": [
      {
        "id": "7da151b8-315c-4726-be18-0b571f2760c2",
        "name": "T1559.001"
      },
      {
        "id": "e6c0ca23-78ee-4b0e-96fa-e80efab3665d",
        "name": "T1003.001"
      },
      {
        "id": "14ea0786-b57c-4a30-8e4e-46944d17eb18",
        "name": "T1036.004"
      },
      {
        "id": "40f0d8e3-bcd7-4b97-a958-f55815698fc5",
        "name": "T1053.005"
      },
      {
        "id": "05ac27d4-58d0-44b2-a984-cd5aefd1f7f9",
        "name": "T1497.001"
      },
      {
        "id": "93b2c4dd-5523-4464-8976-78754ee372fd",
        "name": "T1012"
      },
      {
        "id": "32817170-4c07-427e-b8a5-80a733ae2550",
        "name": "T1497"
      },
      {
        "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74",
        "name": "T1005"
      },
      {
        "id": "dc410646-9cdd-427b-92e7-179a54f78f90",
        "name": "T1566.001"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Belarus"
      },
      {
        "id": "",
        "name": "Russian Federation"
      }
    ]
  },
  "external_refs": [
    "https://bi-zone.medium.com/scaly-wolfs-new-loader-the-right-tool-for-the-wrong-job-0b36d4c20c88",
    "https://otx.alienvault.com/pulse/6633a7d33e50ab19ed022c7e"
  ]
}