CL-STA-1009

Also known as: CL-STA-1009


Profile

CL-STA-1009 is a threat activity cluster associated with a suspected nation-state actor utilizing the Airstalk malware family, which includes both PowerShell and .NET variants. The .NET variant features a multi-threaded C2 protocol, versioning, and complex tasks, employing defense evasion techniques such as signed binaries with a revoked certificate and manipulation of PE timestamps. The malware is believed to have been used in supply chain attacks, with a development timeline established through signed timestamps. The persistent threat posed by this actor is underscored by the adaptive nature of the malware.

Aliases· 1

CL-STA-1009

References

  1. https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CL-STA-1087 (Actor)
  - CL-STA-1020 (Actor)
  - CL-STA-0043 (Actor)
  - Storm-0940 (Actor)
  - CL-UNK-1068 (Actor)
  - CL-STA-0048 (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.