Malware Spotlight: A Deep-Dive Analysis of WezRat

SUMMARY :

Check Point Research provides a comprehensive analysis of WezRat, a custom modular infostealer attributed to the Iranian cyber group Emennet Pasargad. The malware has been active for over a year, targeting organizations in multiple countries. WezRat's capabilities include executing commands, taking screenshots, uploading files, keylogging, and stealing clipboard content and cookie files. The analysis reveals the malware's evolution, its modular architecture, and the threat actors' infrastructure. The latest version was distributed through a phishing campaign impersonating the Israeli National Cyber Directorate, demonstrating the group's ongoing development and refinement of this versatile cyber espionage tool.

OPENCTI LABELS :

backdoor,espionage,iran,phishing,infostealer,modular,wezrat,c&c


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Malware Spotlight: A Deep-Dive Analysis of WezRat