Espionage cluster Paper Werewolf engages in destructive behavior

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

The Paper Werewolf cluster, also known as GOFFEE, has increased its activity, targeting Russian organizations in government, energy, finance, and media sectors. Their primary method involves phishing emails with malicious Microsoft Word attachments containing macros. The group has evolved from cyber espionage to actively disrupting compromised infrastructures. They utilize PowerShell scripts, custom malware, and post-exploitation frameworks like Mythic. The attackers employ techniques such as reverse shells, credential interception, and destructive actions like changing passwords and deleting registry keys. Their arsenal includes tools like PowerRAT, Owowa, and Chisel. The group's sophisticated approach combines open-source frameworks with custom implants, making detection challenging.

OPENCTI LABELS:

powershell, phishing, powerrat, qwakmyagent, goffee, powertaskel, freyja, owowa


Open in the NetmanageIT OpenCTI public instance using the link below.

Use the public read-only username and password shown in the login page banner.


Espionage cluster Paper Werewolf engages in destructive behavior