Mori

Malware Profile (updated 13 days ago)
Mori is a backdoor used by the cyber threat group known as MuddyWater. The FBI, CISA, CNMF, and NCSC-UK have observed MuddyWater actors using various malware, including Mori, in their operations; others include variants of PowGoop, Small Sieve, Canopy (also known as Starwhale), and POWERSTATS. Mori stands out among these for its backdoor capabilities. It uses Domain Name System (DNS) tunneling to communicate with MuddyWater's command-and-control (C2) infrastructure, as documented in MITRE ATT&CK technique T1572 (Protocol Tunneling), which lets it maintain a foothold in compromised networks and carry out its operations without being detected.

In addition to loading other malware, MuddyWater uses Mori for backdoor access, persistence (TA0003), and data exfiltration (TA0010). Detection of a Mori backdoor on a network is a clear indication of compromise and often signifies that the network has been targeted for espionage. The use of Mori and similar malware underscores the threat posed by sophisticated actor groups like MuddyWater, and organizations need robust defensive measures to detect and mitigate such threats promptly.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
No overlapping profiles to display
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Mori malware was read from the document corpus below. This display is limited to 20 results.

Source, created, title:
MITRE, a year ago: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA
MITRE, a year ago: Iranian intel cyber suite of malware uses open source tools
CERT-EU, a year ago: Practice of law: best practice in legal work
CERT-EU, a year ago: Search | arXiv e-print repository
CERT-EU, a year ago: Business of law: best practice in legal work
CERT-EU, a year ago: Attacks on schools: how authorities can combat radicalization on social networks - BBC News Brasil
CERT-EU, a year ago: Links 11/02/2023: Zstandard 1.5.4 Released and Red Hat Promotes Microsoft
CERT-EU, 3 months ago: Flop rock: inside the underground floppy disk music scene