Full Report
2025-01-29 • Google • Conor Quigley, Luke Jenkins, Nino Isakovic • win.shadowpad
Analysis Summary
The provided context is a listing of several threat intelligence articles rather than a detailed report on a single threat actor. The context mentions several disparate topics: ScatterBrain/PoisonPlug, GootLoader, and a Hybrid Russian Espionage campaign using CraxsRAT, Pronsis Loader, and PureLogs Stealer.
Since the prompt requires summarizing information *from the provided description*, and the description is a catalog of different reports rather than a detailed report on one actor, I will synthesize the information available that relates to identifiable threat actors or related campaigns mentioned in the listing. The most detailed actionable entities mentioned are GootLoader and the Hybrid Russian Espionage campaign.
I will structure the summary based on the most clearly defined threat actor/campaign mentioned: **The Hybrid Russian Espionage Campaign**.
***
# Threat Actor: Hybrid Russian Espionage Campaign (Mentioned in context)
## Attribution & Identity
Attributed to state-sponsored actors likely operating on behalf of the Russian Federation. The campaign exhibits characteristics of espionage blended with influence operations.
## Activity Summary
A recent campaign (dated 2024-10-28) aims to compromise Ukrainian military recruits and simultaneously deliver anti-mobilization narratives.
## Tactics, Techniques & Procedures
(Specific TTPs are not detailed in the provided context snippet, only the outcome: compromise and narrative delivery.)
## Targeting
- Sectors: Military (specifically Ukrainian military recruits)
- Geography: Ukraine (Implied by targeting Ukrainian military recruits)
- Victims: Ukrainian military personnel/recruits
## Tools & Infrastructure
- Malware families used:
  - CraxsRAT
  - Pronsis Loader
  - PureLogs Stealer
- Infrastructure (C2, domains, IPs):
  - Not specified in the provided context snippet.
## Implications
The operation utilizes dual objectives: traditional espionage/access (via remote access trojans like CraxsRAT and loaders) and information warfare/influence operations targeting morale and recruitment within a conflict zone.
## Mitigations
(No specific mitigations are listed in the source context for this campaign.)
***
**Note on other entities mentioned in the context:**
- **ScatterBrain/PoisonPlug:** Mentioned in connection with an analysis of an obfuscator, but details are absent.
- **GootLoader:** Mentioned in connection with a detection method using Google Security Operations (dated 2024-11-01).