
Malware Spotlight: A Deep-Dive Analysis of WezRat

Nov. 15, 2024, 9 a.m.

Description

Check Point Research provides a comprehensive analysis of WezRat, a custom modular infostealer attributed to the Iranian cyber group Emennet Pasargad. The malware has been active for over a year, targeting organizations in multiple countries. WezRat's capabilities include executing commands, taking screenshots, uploading files, keylogging, and stealing clipboard content and cookie files. The analysis reveals the malware's evolution, its modular architecture, and the threat actors' infrastructure. The latest version was distributed through a phishing campaign impersonating the Israeli National Cyber Directorate, demonstrating the group's ongoing development and refinement of this versatile cyber espionage tool.

Date

Published: Nov. 14, 2024, 7:13 p.m.

Created: Nov. 14, 2024, 7:13 p.m.

Modified: Nov. 15, 2024, 9 a.m.

Attack Patterns

WezRat

Emennet Pasargad

T1027.004

T1552.001

T1132.001

T1573.001

T1555.003

T1115

T1547.001

T1012

T1056.001

T1113

T1071.001

T1016

T1082

T1057

T1105

T1083

T1033

T1027

T1059

Additional Information

Government

Sweden

France

Israel

United States of America