{"id":12559,"date":"2018-09-12T21:30:00","date_gmt":"2018-09-12T21:30:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/d\/d-id\/1332806"},"modified":"2018-09-12T21:30:00","modified_gmt":"2018-09-12T21:30:00","slug":"modular-malware-brings-stealthy-attacks-to-former-soviet-states","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/","title":{"rendered":"Modular Malware Brings Stealthy Attacks to Former Soviet States"},"content":{"rendered":"<header>\n<\/header>\n<p><span class=\"strong black\">A new malware technique is making phishing attacks harder to spot when they succeed.<\/span> <\/p>\n<p class=\"\">Modular downloaders aren&#8217;t new to the world of malware, but a new campaign featuring modular software launched by a major criminal group is drawing the attention of threat researchers. The attacks, so far targeting Russia and the former Soviet republics of the Commonwealth of Independent States (CIS), could presage new tactics aimed at victims around the world.<\/p>\n<p>Researchers at Proofpoint discovered <a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/new-modular-downloaders-fingerprint-systems-part-3-cobint\" target=\"_blank\">a pair of modular downloaders<\/a> this summer and noticed two unusual factors in their use. First, the loaders were conducting reconnaissance on the infected system to decide whether the full payload will be downloaded. 
Second, the loaders, with very small and carefully obfuscated footprints, were being launched by the Cobalt Group, a major criminal organization previously tied to activities such as ATM jackpotting and to other large criminal groups.<\/p>\n<p>&#8220;This is the first time we&#8217;ve seen a real shift to have a number of major actors using these tiny downloaders,&#8221; says Chris Dawson, threat intelligence lead at Proofpoint. The new modular downloader \u2014 dubbed &#8220;CobInt&#8221; by <a href=\"https:\/\/www.group-ib.com\/blog\/renaissance\" target=\"_blank\">researchers at Group-IB<\/a> for the organization launching the attack and the name of a .DLL used in the malware\u00a0\u2014 is &#8220;small, it&#8217;s stealthy, and it&#8217;s pretty well-obfuscated,&#8221; he adds. &#8220;It&#8217;s difficult to detect if you don&#8217;t know what you&#8217;re looking for.&#8221;\u00a0\u00a0<\/p>\n<p>The process of infecting a target machine is a three-step flow, with each step adding functionality, Dawson explains. The first module is an email with an attachment carrying the initial exploit. If the exploit code, typically a .VBS exploit, can execute, it immediately sends a request for the second-stage downloader. This downloader, written in C, will do reconnaissance on the target system to determine whether certain security measures are running, the system is within a sandbox, or has qualities indicating that it might trap the malware. If the system is &#8220;clean&#8221; (from the malware&#8217;s perspective), then it downloads the final payload and establishes persistence on the computer.<\/p>\n<p>Each of the three modules is small and uses multiple layers of obfuscation to avoid detection. 
&#8220;It&#8217;s unusual to see this level of obfuscation, and we&#8217;ve seen it three times in a row by high-profile actors,&#8221; says Dawson, referring to separate campaigns researchers have found using the same modular software in the space of a few weeks.<\/p>\n<p>And while the process has multiple steps, it doesn&#8217;t mean that security professionals can look for the malware at their leisure. &#8220;The total time is seconds \u2014 it&#8217;s very quick,&#8221; Dawson says.<\/p>\n<p>So far, the specific code in use is particular to one criminal organization, and Dawson thinks it will stay that way. &#8220;This is likely going to remain a Cobalt Group tool. Aside from using Cobalt Strike, which is a readily available tool, they use custom software,&#8221; he explains.<\/p>\n<p>But in the world of criminal IT activity, the Cobalt Group&#8217;s success will be noticed. &#8220;We&#8217;ve seen these techniques spreading through other groups,&#8221; Dawson says. &#8220;We see a group that tends to be a good barometer using the technique, and if <a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/ta505-shifts-times\" target=\"_blank\">TA505<\/a> is using this, it indicates that others will follow in their wake.&#8221;<\/p>\n<p>Asked whether he sees these campaigns spreading outside the CIS states, Dawson points out that they are, so far, very specific. &#8220;In general, it&#8217;s Russian language [phishing] hitting organizations in the region,&#8221; he says. 
But there&#8217;s no technical reason that another group can&#8217;t adopt the technique \u2014 if not the actual code \u2014 for use anywhere in the world.<\/p>\n<p><span class=\"italic\">Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=512\">View Full Bio<\/a><\/span> <\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/d\/d-id\/1332806?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new malware technique is making phishing attacks harder to spot when they succeed. 
Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/d\/d-id\/1332806?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-12559","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Modular Malware Brings Stealthy Attacks to Former Soviet States 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Modular Malware Brings Stealthy Attacks to Former Soviet States 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-12T21:30:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Modular Malware Brings Stealthy Attacks to Former Soviet 
States\",\"datePublished\":\"2018-09-12T21:30:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/\"},\"wordCount\":693,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/\",\"name\":\"Modular Malware Brings Stealthy Attacks to Former Soviet States 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\",\"datePublished\":\"2018-09-12T21:30:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/MarilynCohodas\\\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Modular Malware Brings Stealthy Attacks to Former Soviet States\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - 
TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Modular Malware Brings Stealthy Attacks to Former Soviet States 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/","og_locale":"en_US","og_type":"article","og_title":"Modular Malware Brings Stealthy Attacks to Former Soviet States 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-09-12T21:30:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Modular Malware Brings Stealthy Attacks to Former Soviet States","datePublished":"2018-09-12T21:30:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/"},"wordCount":693,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","articleSection":["DarkReading 
|TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/","url":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/","name":"Modular Malware Brings Stealthy Attacks to Former Soviet States 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","datePublished":"2018-09-12T21:30:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png","contentUrl":"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/modular-malware-brings-stealthy-attacks-to-former-soviet-states\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Modular Malware Brings Stealthy Attacks to Former Soviet States"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/12559","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=12559"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/12559\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=12559"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=12559"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=12559"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}