{
  "name": "Werewolf Sharpening Known Stealer for New Attacks",
  "slug": "werewolf-sharpening-known-stealer-for-new-attacks",
  "description": "Analysis shows that threat actors (tracked in this record as Sapphire Werewolf) built custom malware on top of the open-source SapphireStealer to harvest credentials from employees of Russian companies. The operation deploys this modified stealer, tailored to organizations within Russia, to exfiltrate authentication data from their systems.",
  "published": "2024-05-29T09:01:07+00:00",
  "created_at": "2024-05-29T09:01:07+00:00",
  "modified_at": "2024-05-29T09:29:51+00:00",
  "created_at_opencti": "2024-05-29T09:01:07+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-29",
    "sapphire werewolf",
    "sapphirestealer"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "5c01531a6b7f25b92e9a2d0d67fe7057813140d2c60dc0bb356b190aa91a5857"
      },
      {
        "id": "",
        "name": "301d00aeae52011530370dcf32d0b68ebdcec291d94501b90a44dcc9a714e595"
      },
      {
        "id": "",
        "name": "204bcbb030856bfbd7f4b5edad94e17e61a3d44cde88dbcf4f6a30adb786d1a6"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:31a5386abeb93099",
        "name": "SapphireStealer",
        "slug": "sapphirestealer"
      }
    ],
    "intrusion_sets": [
      {
        "id": "82e11673-e2eb-4251-84d8-f2daf790bfbb",
        "name": "Sapphire Werewolf",
        "slug": "sapphire-werewolf"
      }
    ],
    "attack_patterns": [
      {
        "id": "2969e5a7-1049-4df8-b1ba-8a0675de6b94",
        "name": "T1589"
      },
      {
        "id": "232fbdfa-94c6-443d-b575-373e75b4f4c2",
        "name": "T1567"
      },
      {
        "id": "8e0fea81-4d54-4e88-a7dd-3aa8b26558ed",
        "name": "T1113"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "74d6e294-54d1-4a21-9dfc-df5870f8ec8e",
        "name": "T1003"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Russian Federation"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/66570af4938058148e728779"
  ]
}