Security Articles

Command & Evade: Turla's Kazuar v3 Loader

released on 2026-01-15 @ 03:21:06 PM
Turla's Kazuar v3 loader employs sophisticated techniques to evade detection. A VBScript drops files and executes a native loader, which bypasses security measures and leverages COM for stealth. The loader uses control flow redirection, patchless ETW and AMSI bypasses, and COM integration to decrypt and execute three Kazuar v3 payloads (KERNEL, WORKER, BRIDGE) in memory. The attack chain is designed to be resilient and stealthy, exploiting trusted system processes to avoid detection. The malware's modular architecture and COM subsystem integration help it maintain a low profile while carrying out its malicious activities.