SharpStage

Malware Profile Updated 3 months ago
SharpStage is a new malware that was recently discovered in use by the Molerats threat actor. It is a backdoor that allows an attacker to gain unauthorized access to a compromised system and perform various malicious activities, such as stealing sensitive data or downloading other malware. SharpStage is written in .NET and depends on a traditional command and control (C2) server.

Along with the SharpStage backdoor, the Molerats threat actor also used another backdoor called DropBook, which works in conjunction with SharpStage to download additional malware from Dropbox storage controlled by the attacker. MoleNet, a previously undocumented malware downloader, was also used in recent operations.

One notable feature of SharpStage is its integration with the Dropbox API, which allows for easy data download and exfiltration. However, unlike DropBook, SharpStage relies on a C2 server for communication with the attacker. The discovery of SharpStage highlights the ongoing threat of sophisticated malware attacks and the importance of implementing robust security measures to protect against them.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Dropbox
Backdoor
Malware
Associated Malware
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| DropBook | Unspecified | 1 | DropBook is a new type of malware that allows attackers to gain unauthorized access to computers and networks. It is a backdoor that can be used to steal personal information, disrupt operations, or hold data for ransom. DropBook is part of the Molerats threat actor's arsenal of tools and was used i |
| MoleNet | Unspecified | 1 | None |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Molerats | Unspecified | 1 | Molerats, also known as Gaza Cybergang Group1, is a threat actor linked to Hamas that has been active for over a decade. This low-budget group has been tracked by researchers under various names including Molerats, Gaza Cybergang, Frankenstein, WIRTE, and Proofpoint’s TA402 designation. Among 16 Adv |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the SharpStage Malware was read from the documents corpus below. This display is limited to 20 results.

| Source | Created At | Title |
| --- | --- | --- |
| MITRE | a year ago | Hacking group’s new malware abuses Google and Facebook services |