Mocha ManakinMocha Manakin

Also known as: Mocha Manakin

Known aliases
1

Profile

Mocha Manakin is a threat actor that employs the paste and run technique for initial access, tricking users into executing scripts that download various payloads, including LummaC2, HijackLoader, and Vidar. This actor is notable for utilizing a bespoke NodeJS-based backdoor named NodeInitRAT, which facilitates persistence and reconnaissance activities while communicating with adversary-controlled servers over HTTP. Mocha Manakin has been linked to Interlock ransomware, and while direct ransomware activity has not been observed, there is moderate confidence that unmitigated activity may lead to such outcomes. The effectiveness of paste and run lures, distributed through methods like phishing and web browser injects, has contributed to the actor's increased scope and scale.

Aliases· 1

Mocha Manakin

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
MANITSME
Actor
Mustard Tempest
Actor
Mora_001
Actor
Boolka
Actor
Larva-26002
Actor
Larva‑25012
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.