Basicstar

Malware Profile Updated 3 months ago
Basicstar (also written BASICSTAR) is a backdoor attributed to Charming Kitten, an Iranian advanced persistent threat operation also tracked as Charming Cypress, Mint Sandstorm, APT35, TA453 and Yellow Garuda. It is delivered by phishing: Windows targets received a RAR archive containing a malicious LNK shortcut file whose execution led to the Basicstar backdoor, while macOS targets were instead served a separate backdoor named NokNok. Once installed, Basicstar gives the operators remote command execution and data exfiltration on the victim's system.

Between September and October 2023, Basicstar was used in attacks aimed specifically at Middle East policy experts. The lure was a phishing campaign in which the attackers impersonated the Rasanah International Institute for Iranian Studies and invited targets to a fake webinar; once a target engaged, the Basicstar payload was downloaded onto their system. The campaign was detailed in a report by Volexity, and the attacks came to light publicly in February 2024 in coverage by SC Magazine and The Hacker News.
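The delivery chain above hinges on a shortcut (LNK) file extracted from a RAR archive. The following Python is an added example, not code from this profile, from Volexity or from Cybergeist: it parses the ShellLinkHeader and StringData of a .LNK file as laid out in MS-SHLLINK and flags shortcuts that launch a script interpreter with a command line, which is the usual shape of such a lure. The two sample shortcuts are constructed inline by build_lnk; the SUSPICIOUS_INTERPRETERS list is a generic heuristic and an assumption, not an indicator taken from the reporting.

```python
import struct
import uuid

# Shell Link (.LNK) header constants from MS-SHLLINK.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# LinkFlags bits that decide which optional structures follow the header.
HAS_LINK_TARGET_ID_LIST = 0x0001
HAS_LINK_INFO = 0x0002
HAS_NAME = 0x0004
HAS_RELATIVE_PATH = 0x0008
HAS_WORKING_DIR = 0x0010
HAS_ARGUMENTS = 0x0020
HAS_ICON_LOCATION = 0x0040
IS_UNICODE = 0x0080

# Heuristic only (an assumption for this example, not from the Volexity report):
# interpreters that a shortcut posing as a document has no business launching.
SUSPICIOUS_INTERPRETERS = ("powershell", "pwsh", "cmd.exe", "wscript",
                           "cscript", "mshta", "curl", "certutil")


def parse_lnk(data: bytes) -> dict:
    """Parse the ShellLinkHeader and StringData of a .LNK file.

    Returns LinkFlags plus the five StringData fields (empty when absent).
    Raises ValueError if the bytes are not a Shell Link.
    """
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short for a Shell Link header")
    header_size = struct.unpack_from("<I", data, 0)[0]
    clsid = uuid.UUID(bytes_le=data[4:20])
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE

    # Optional LinkTargetIDList: 2-byte IDListSize, then the item ID list.
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    # Optional LinkInfo: 4-byte LinkInfoSize that counts itself.
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]

    # StringData: CountCharacters (2 bytes) then the string, no terminator.
    unicode = bool(flags & IS_UNICODE)
    fields = {"flags": flags}
    for name, bit in (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                      ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                      ("icon_location", HAS_ICON_LOCATION)):
        if not flags & bit:
            fields[name] = ""
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        nbytes = count * 2 if unicode else count
        fields[name] = data[pos:pos + nbytes].decode("utf-16-le" if unicode else "cp1252")
        pos += nbytes
    return fields


def triage_lnk(data: bytes) -> list:
    """Return the reasons a shortcut looks like a lure, or [] if nothing stands out."""
    info = parse_lnk(data)
    target = (info["relative_path"] + " " + info["arguments"]).lower()
    reasons = []
    if info["arguments"] and any(i in target for i in SUSPICIOUS_INTERPRETERS):
        reasons.append("launches a script interpreter: " + target.strip())
    if len(info["arguments"]) > 200:
        reasons.append("unusually long command line (%d chars)" % len(info["arguments"]))
    return reasons


def build_lnk(relative_path: str, arguments: str, working_dir: str = ".") -> bytes:
    """Construct a minimal Unicode .LNK (sample data for this example, not a real capture)."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | IS_UNICODE
    if arguments:
        flags |= HAS_ARGUMENTS
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID.bytes_le
    header += struct.pack("<II", flags, 0)                   # LinkFlags, FileAttributes
    header += b"\x00" * 24                                   # Creation/Access/Write times
    header += struct.pack("<IIIHHII", 0, 0, 1, 0, 0, 0, 0)   # FileSize, IconIndex, ShowCommand, HotKey, Reserved1-3

    def string_data(value: str) -> bytes:
        return struct.pack("<H", len(value)) + value.encode("utf-16-le")

    body = string_data(relative_path) + string_data(working_dir)
    if arguments:
        body += string_data(arguments)
    return header + body


if __name__ == "__main__":
    # Constructed samples: a harmless document shortcut and a lure-shaped one.
    samples = {
        "agenda.lnk": build_lnk("..\\Documents\\webinar_agenda.pdf", ""),
        "invite.lnk": build_lnk("..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                                "-w hidden -ep bypass -f invite.ps1"),
    }
    for label, blob in samples.items():
        print(label, triage_lnk(blob) or "no findings")
```

A production check would also walk the LinkTargetIDList, LinkInfo and ExtraData blocks (the parser above stops after StringData, which is enough to recover the launch command line) and would be run over every file extracted from the archive, since the shortcut is only the first stage.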
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.

Yellow Garuda (1 vote): Yellow Garuda, also known as Charming Kitten, APT35, Mint Sandstorm, and various other aliases, is a malware associated with an Iranian state-sponsored threat operation. It has been active since at least 2011, operating on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC). The malware is des
Noknok (1 vote): NokNok is a malicious software (malware) developed by the Iranian hacking group APT35, also known as Charming Kitten. It was discovered after the group targeted a US-based nuclear security expert with a sophisticated phishing attack. The attackers initiated several non-threatening email interactions
Charming Kitten (1 vote): Charming Kitten, an Iranian Advanced Persistent Threat (APT) group, also known as ITG18, Phosphorous, and TA453, is a significant cybersecurity threat. This threat actor has been associated with numerous malicious activities, exhibiting advanced and sophisticated social-engineering efforts. The grou
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance: Malware, Backdoor, Phishing, macOS, Exploit
Source Document References
Information about the Basicstar malware was read from the documents corpus below (display limited to 20 results).
CERT-EU (5 months ago): Novel backdoor used in Charming Kitten attacks
DARKReading (5 months ago): Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets
CERT-EU (5 months ago): Secure email gateways increasingly evaded by malicious emails