MimiStick — imitators of Sticky Werewolf
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
F.A.C.C.T. Threat Intelligence discovered a malicious file targeting Russian defense industry enterprises. Initially thought to be the work of Sticky Werewolf, further analysis revealed a new threat actor named MimiStick. The attack used a PDF lure mimicking a letter from the Russian Ministry of Labor. The malware employed a multi-stage infection chain, ultimately deploying a Sliver implant. Later findings confirmed the campaign was indeed Sticky Werewolf, who had expanded their toolkit to include Sliver implant alongside their existing Quasar RAT. The group registered multiple domains, including one impersonating the Ministry of Labor, likely for future phishing campaigns.
OPENCTI LABELS :
mimistick
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
MimiStick — imitators of Sticky Werewolf