Quicksand

Malware Profile Updated 3 months ago
Quicksand is a type of malware designed to exploit and damage computer systems. It infiltrates devices through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.

This malicious software was notably used in Operation Quicksand, an offensive cyber attack launched by Static Kitten against Israeli organizations. The operation was detailed in a report published by ClearSky Cyber Security in October 2020. Operation Quicksand was reportedly conducted in October 2020, coinciding with peace deal negotiations between Israel and the UAE that were expected to create 15,000 jobs and generate $2 billion in revenue on each side. The operation involved the use of the file-storage service OneHub and targeted prominent Israeli organizations. Static Kitten employed two lure ZIP files to trick users into downloading what they believed to be a report on relations between Arab countries and Israel or a file relating to scholarships.

The motivation behind the targeting of specific regions could be attributed to various geopolitical factors. For instance, Kuwait's Ministry of Foreign Affairs had publicly expressed its willingness to mediate between Iran and Saudi Arabia, which may have influenced the decision to target this region. Furthermore, other major IT firms have also been targeted by similar intrusions, indicating a broader pattern of cyber attacks. As such, it is crucial for organizations to remain vigilant and employ robust cybersecurity measures to protect against such threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
t1204.002
Associated Malware
| ID | Type | Votes | Profile Description |
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Static Kitten | Unspecified | 1 | Static Kitten, also known as MuddyWater, Mercury, Mango Sandstorm, and TA450, is an Iranian government-sponsored hacking group suspected to be linked to the Iranian Ministry of Intelligence and Security. The group has been active since 2017 and is notorious for its cyber-espionage activities. Static |
| MuddyWater | Unspecified | 1 | MuddyWater is an advanced persistent threat (APT) group, also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros. This threat actor has been linked to the Iranian Ministry of Intelligence and Security (MOIS) according to a joint advisory from cybersecurity firms. The group empl |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
No associations to display
Source Document References
Information about the Quicksand Malware was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | 8 months ago | BA Depicted by OCR as Example of Ransomware Dangers Recovered Quickly, Didn’t Expect Fine |
| MITRE | a year ago | Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies |