Kazuar: Anatomy of a nation-state botnet
ID: 5ac5f869-f973-5a4e-8644-71ef6b7e59b1
STIX ID: report--5ac5f869-f973-5a4e-8644-71ef6b7e59b1
Feed Name: Microsoft Security
This report provides an in-depth analysis of Kazuar, a sophisticated, modular peer-to-peer botnet attributed to the Russian FSB-affiliated actor known as Secret Blizzard. It documents the delivery methods; the three-module architecture (Kernel, Bridge, Worker); inter-process and external C2 communication (Windows Messaging, Mailslot, and named pipes; HTTP, WSS, and EWS); the leader-election behavior used to minimize visibility; extensive collection and exfiltration features; configuration options and operational tradecraft; mitigation guidance; and several SHA-256 indicators of compromise.
