Shapeshift

Malware Profile Updated 2 months ago
Shapeshift is a sophisticated malware associated with other malicious software including DROPSHIFT, TURNEDUP, NANOCORE, NETWIRE, and ALFA Shell. This malware has been linked to APT33 (also known as Elfin or Refined Kitten), an Iranian hacking group notorious for its spear-phishing attacks against the aerospace and energy sectors. The Shapeshift malware exploits computer systems through suspicious downloads, emails, or websites, often infiltrating without the user's knowledge. Once inside, it can cause significant damage by stealing personal information, disrupting operations, or even holding data hostage for ransom.

APT33 has employed Shapeshift in several notable incidents, using spear-phishing emails specifically targeted at employees whose roles are connected to the aviation industry. These targeted attacks have had significant impacts on both individuals and organizations within this sector. In one instance reported by The Hacker News in December 2022, a campaign dubbed "Peach Sandstorm" saw Iranian hackers, likely linked to APT33, strike the diamond industry, further demonstrating the group's broad range of targets and their use of Shapeshift malware.

The rise of digital assets has also seen the co-opting of the industry by various groups, as reported in CoinGeek’s Crypto Crime Cartel series. Groups ranging from BitMEX to Binance, Bitcoin.com, Blockstream, ShapeShift, Coinbase, Ripple, Ethereum, FTX, and Tether have turned the industry into a minefield for both naive and experienced market players. While the direct involvement of Shapeshift malware in these activities is not explicitly stated, the association of the name suggests a potential link that warrants further investigation.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Malware
Associated Malware
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
APT33 | has used | 1 | APT33, an Iran-linked threat actor, has been identified as a significant cyber threat to the Defense Industrial Base sector. The group is known for its sophisticated and malicious activities, which primarily involve executing actions with harmful intent. APT33, like other threat actors, could be a s
Refined Kitten | Unspecified | 1 | Refined Kitten, also known as APT33, Peach Sandstorm, Elfin, HOLMIUM, and MAGNALIUM, is a threat actor group that has been active since at least 2013. Operating under various aliases, this group has been linked to several cyber espionage activities, primarily associated with the Iranian government.
Peach Sandstorm | Unspecified | 1 | Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor group believed to be linked to the Iranian nation-state. The group has been active since at least 2013 and has previously targeted sectors such as aerospace and energy for espionag
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Shapeshift malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 10 months ago | Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
MITRE | a year ago | Advanced Persistent Threats (APTs) | Threat Actors & Groups
CERT-EU | 10 months ago | Ripple bails out Fortress Trust after hackers steal customer assets | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting