Head Mare: adventures of a unicorn in Russia and Belarus
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Head Mare is a hacktivist group that has been targeting companies in Russia and Belarus since 2023. The group runs phishing campaigns that exploit the CVE-2023-38831 vulnerability in WinRAR for initial access. Its toolkit includes custom malware such as PhantomDL and PhantomCore, as well as publicly available tools such as Sliver and Mimikatz and the ransomware variants LockBit and Babuk. The group's goal appears to be causing maximum damage to Russian and Belarusian organizations, though it also demands ransoms. Head Mare uses various techniques for persistence, detection evasion, credential harvesting, and network exploration. Its attacks have impacted the government, transportation, energy, manufacturing, and entertainment sectors.
OPENCTI LABELS:
phishing, ransomware, russia, cve-2023-38831, lockbit, belarus, vasa locker, babuk, phantomdl, phantomcore, babyk, hacktivists