Storm-1084

Also known as: DEV-1084 · Storm-1084

Origin: IR
Known aliases: 2

Profile

Storm-1084 is a threat actor that has been observed collaborating with the MuddyWater group. They have used the DarkBit persona to mask their involvement in targeted attacks. Storm-1084 has been linked to destructive actions, including the encryption of on-premises devices and the deletion of cloud resources. They have been observed using tools such as Rport, Ligolo, and a customized PowerShell backdoor. The extent of their autonomy or collaboration with other Iranian threat actors is currently unclear.

Aliases · 2

DEV-1084 · Storm-1084

References

  1. https://circleid.com/posts/20230824-signs-of-muddywater-developments-found-in-the-dns
  2. https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: Storm-1044
Actor: Storm-0826
Actor: Storm-1674
Actor: Storm-0940
Actor: Storm-1286
Actor: Storm-1283

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.