Mythic Likho

Also known as: Arcane Werewolf, Mythic Likho

Arcane Werewolf has been observed targeting Russian manufacturing enterprises through phishing emails that lead to malicious links and spoofed websites. The actor has utilized ZIP archives containing malicious LNK files and a C++ dropper in their campaigns. Their infrastructure includes a C2 server disguised as a Russian manufacturing company website. Kaspersky researchers have noted their evolving TTPs, indicating either a new group or one that has significantly improved its methods.

Introduction

Arcane Werewolf has been observed targeting Russian manufacturing enterprises through phishing emails that lead to malicious links and spoofed websites. The actor has utilized ZIP archives containing malicious LNK files and a C++ dropper in their campaigns. Their infrastructure includes a C2 server disguised as a Russian manufacturing company website. Kaspersky researchers have noted their evolving TTPs, indicating either a new group or one that has significantly improved its methods.

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Archelaus Beta

Attribution and Evidence

Information pending cataloguing.

References

References pending cataloguing.