Mocha Manakin

Also known as: Mocha Manakin

Profile

Mocha Manakin is a threat actor that employs the paste and run technique for initial access, tricking users into executing scripts that download various payloads, including LummaC2, HijackLoader, and Vidar. This actor is notable for utilizing a bespoke NodeJS-based backdoor named NodeInitRAT, which facilitates persistence and reconnaissance activities while communicating with adversary-controlled servers over HTTP. Mocha Manakin has been linked to Interlock ransomware, and while direct ransomware activity has not been observed, there is moderate confidence that unmitigated activity may lead to such outcomes. The effectiveness of paste and run lures, distributed through methods like phishing and web browser injects, has contributed to the actor's increased scope and scale.

References

  1. https://redcanary.com/blog/threat-intelligence/mocha-manakin-nodejs-backdoor/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. Mustard Tempest (Actor)
  2. MANITSME (Software)
  3. Boolka (Actor)
  4. Mora_001 (Actor)
  5. Larva-26002 (Actor)
  6. Moth (Software)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.