S1035 Small Sieve

Platforms: 1
ATT&CK: 14.1
References: 4

Description

[Small Sieve](https://attack.mitre.org/software/S1035) is a Telegram Bot API-based Python backdoor that has been distributed using a Nullsoft Scriptable Install System (NSIS) Installer; it has been used by [MuddyWater](https://attack.mitre.org/groups/G0069) since at least January 2022. (Citation: DHS CISA AA22-055A MuddyWater February 2022) (Citation: NCSC GCHQ Small Sieve Jan 2022) Security researchers have also noted [Small Sieve](https://attack.mitre.org/software/S1035)'s use by UNC3313, which may be associated with [MuddyWater](https://attack.mitre.org/groups/G0069). (Citation: Mandiant UNC3313 Feb 2022)

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S1035
  2. https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
  3. https://www.ncsc.gov.uk/files/NCSC-Malware-Analysis-Report-Small-Sieve.pdf
  4. https://www.mandiant.com/resources/telegram-malware-iranian-espionage

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software: STARWHALE
Software: StrifeWater
Software: Mori
Software: Milan
Software: QUIETCANARY
Software: PingPull

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.