Mori

Malware Profile Updated 3 months ago
Mori is a backdoor used by the cyber threat group MuddyWater. The FBI, CISA, CNMF, and NCSC-UK have observed MuddyWater actors using a range of malware, including Mori, as part of their operations; other families include variants of PowGoop, Small Sieve, Canopy (also known as Starwhale), and POWERSTATS. Mori stands out among these for its backdoor capabilities. It uses Domain Name System (DNS) tunneling to communicate with MuddyWater's command-and-control (C2) infrastructure, the behaviour catalogued in MITRE ATT&CK as technique T1572 (Protocol Tunneling). This lets it maintain persistence within compromised networks and carry out its operations while evading detection. In addition to loading other malware, MuddyWater uses Mori for backdoor access, persistence (ATT&CK tactic TA0003), and data exfiltration (TA0010). Finding a Mori backdoor on a network is a clear indicator of compromise and often a sign that the network has been targeted for espionage. The use of Mori and similar malware underscores the threat posed by sophisticated actor groups such as MuddyWater, and organizations should maintain robust security measures to detect and mitigate such threats promptly.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
(Columns: ID, Votes, Profile Description)
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
T1572
Espionage
Associated Malware
(Columns: ID, Type, Votes, Profile Description)
POWERSTATS (Type: Unspecified, Votes: 1)
PowerStats is a malicious software (malware) created by the MuddyWater cyberespionage group, which is linked to Iran. This malware, written in PowerShell, was designed to exploit and damage computer systems, often infiltrating them without the user's knowledge through suspicious downloads, emails, o
Associated Threat Actors
(Columns: ID, Type, Votes, Profile Description)
MuddyWater (Type: Unspecified, Votes: 1)
MuddyWater is an advanced persistent threat (APT) group, also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros. This threat actor has been linked to the Iranian Ministry of Intelligence and Security (MOIS) according to a joint advisory from cybersecurity firms. The group empl
Associated Vulnerabilities
(Columns: ID, Type, Votes, Profile Description)
No associations to display
Source Document References
Information about the Mori malware was read from the document corpus below. This display is limited to 20 results.
(Columns: Source, Created At, Title)
CERT-EU (5 months ago): Flop rock: inside the underground floppy disk music scene
MITRE (a year ago): Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA
MITRE (a year ago): Iranian intel cyber suite of malware uses open source tools
CERT-EU (a year ago): Search | arXiv e-print repository
CERT-EU (a year ago): Links 11/02/2023: Zstandard 1.5.4 Released and Red Hat Promotes Microsoft
CERT-EU (a year ago): School attacks: how authorities can combat radicalisation on social networks - BBC News Brasil
CERT-EU (a year ago): Search | arXiv e-print repository
CERT-EU (a year ago): Practice of law: best practice in legal work
CERT-EU (a year ago): Business of law: best practice in legal work