Storm-1044Storm-1044

Also known as: Storm-1044 · DEV-1044

Known aliases
2

Profile

Storm-1044 has been identified as part of a cyber campaign in collaboration with Twisted Spider. They employ a strategic approach, targeting specific endpoints using an initial access trojan called DanaBot. Once they gain access, Storm-1044 initiates lateral movement through Remote Desktop Protocol sign-in attempts, passing control to Twisted Spider. Twisted Spider then compromises the endpoints by introducing the CACTUS ransomware. Microsoft has detected ongoing malvertising attacks involving Storm-1044, leading to the deployment of CACTUS ransomware.

Aliases· 2

Storm-1044DEV-1044

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Storm-1084
Actor
Storm-0940
Actor
Storm-0324
Actor
Storm-0826
Actor
Storm-1674
Actor
Storm-0506
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.