StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations
Tags
country: Chile Germany India Iran Israel Italy
attack-pattern: Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Scheduled Task - T1053.005 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Powershell - T1086 Scheduled Task - T1053 Screen Capture - T1113 Screen Capture
Show in Graph
Common Information
Type Value
UUID ddf2836f-c74d-49e4-ae33-556b3f0738bb
Fingerprint 97a319dbab270202
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 1, 2022, midnight
Added to db Sept. 11, 2022, 12:46 p.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations
Title StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations
Detected Hints/Tags/Attributes 90/2/10
Source URLs
Redirection Url
Details Source https://www.cybereason.com/blog/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations
URL Provider
Details Provider Source level domain
Details cybereason.com www.cybereason.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
techzenspace.com
Details File 312 
calc.exe
Details File 1 
c:\users\public\calc.exe
Details File 2127 
cmd.exe
Details File 2 
index8.php
Details File 4 
index3.php
Details File 2 
c:\users\public\libraries\async.dat
Details File 1 
async.dat
Details IPv4 2 
87.120.8.210
Details Pdb 1 
c:\users\win8\desktop\ishdar_win8\1\x64\release\brokerhost.pdb