Malware Spotlight: A Deep-Dive Analysis of WezRat
Nov. 15, 2024, 9 a.m.
Description
Check Point Research provides a comprehensive analysis of WezRat, a custom modular infostealer attributed to the Iranian cyber group Emennet Pasargad. The malware has been active for over a year, targeting organizations in multiple countries. WezRat's capabilities include executing commands, taking screenshots, uploading files, keylogging, and stealing clipboard content and cookie files. The analysis reveals the malware's evolution, its modular architecture, and the threat actors' infrastructure. The latest version was distributed through a phishing campaign impersonating the Israeli National Cyber Directorate, demonstrating the group's ongoing development and refinement of this versatile cyber espionage tool.
Date
Published: Nov. 14, 2024, 7:13 p.m.
Created: Nov. 14, 2024, 7:13 p.m.
Modified: Nov. 15, 2024, 9 a.m.
Attack Patterns
WezRat
Emennet Pasargad
T1027.004
T1552.001
T1132.001
T1573.001
T1555.003
T1115
T1547.001
T1012
T1056.001
T1113
T1071.001
T1016
T1082
T1057
T1105
T1083
T1033
T1027
T1059
Additional Information
Government
Sweden
France
Israel
United States of America