Basicstar

Malware Profile Updated 13 days ago
Download STIX
Preview STIX
Basicstar is a malicious software designed to exploit and damage computer systems, often infiltrating without the user's knowledge through suspicious downloads, emails, or websites. It is capable of stealing personal information, disrupting operations, or holding data hostage for ransom. There are different versions of this malware: a macOS version named NokNok, and another variant that uses a RAR archive and LNK exploit leading to a backdoor named Basicstar. Between September and October of the previous year, the Basicstar backdoor was utilized in attacks orchestrated by an Iranian advanced persistent threat operation known as Charming Kitten, which also goes by several other aliases including Charming Cypress, Mint Sandstorm, APT35, TA453, and Yellow Garuda. These attacks were specifically targeted at Middle East policy experts. The information about these cyberattacks came to light in February 2024, as reported by SC Magazine and The Hacker News. Charming Kitten employed a sophisticated phishing scheme to facilitate the download of the Basicstar malware. The attackers impersonated the Rasanah International Institute for Iranian Studies, luring targets into joining a fake webinar. Once the victims were ensnared, the Basicstar malware was downloaded onto their systems, enabling data exfiltration and remote command execution. This strategy and its impacts were detailed in a report by Volexity.
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Basicstar Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
3 months ago
Novel backdoor used in Charming Kitten attacks
CERT-EU
3 months ago
Secure email gateways increasingly evaded by malicious emails
DARKReading
3 months ago
Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets