Malware or LLM? Silent Werewolf employs new loaders to attack Russian and Moldovan organizations

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

Silent Werewolf has launched two new campaigns targeting Russian and Moldovan organizations, utilizing sophisticated loaders to deliver malicious payloads. The attacks employ phishing emails with ZIP attachments containing obfuscated C# loaders. These loaders use legitimate tools and code obfuscation to evade detection. The first campaign exclusively targeted Russian energy, aircraft, and engineering sectors, while the second focused on both Moldovan and Russian entities. The adversaries hinder payload retrieval, making analysis challenging. They also utilize the Llama 2 large language model in some instances to bypass defenses. The campaigns demonstrate the threat actor's evolving tactics and their continued focus on espionage in the region.

OPENCTI LABELS :

phishing,obfuscation,c# loader,xdigo


Open in the NetmanageIT OpenCTI public instance using the link below.

NOTE: Use the public read-only username and password shown on the login page banner.


Malware or LLM? Silent Werewolf employs new loaders to attack Russian and Moldovan organizations