cti-ATT-CK-v13.1/enterprise-attack/intrusion-set/intrusion-set--4c4a7846-45d5-4761-8eea-725fa989914c.json

{
    "type": "bundle",
    "id": "bundle--fa49313d-9761-49d7-97b1-870bcd996803",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2022-10-24T18:50:12.653Z",
            "name": "Moses Staff",
            "description": "[Moses Staff](https://attack.mitre.org/groups/G1009) is a suspected Iranian threat group that has primarily targeted Israeli companies since at least September 2021. [Moses Staff](https://attack.mitre.org/groups/G1009) openly stated their motivation in attacking Israeli companies is to cause damage by leaking stolen sensitive data and encrypting the victim's networks without a ransom demand.(Citation: Checkpoint MosesStaff Nov 2021) \n\nSecurity researchers assess [Moses Staff](https://attack.mitre.org/groups/G1009) is politically motivated, and has targeted government, finance, travel, energy, manufacturing, and utility companies outside of Israel as well, including those in Italy, India, Germany, Chile, Turkey, the UAE, and the US.(Citation: Cybereason StrifeWater Feb 2022)",
            "aliases": [
                "Moses Staff"
            ],
            "x_mitre_deprecated": false,
            "x_mitre_version": "1.0",
            "x_mitre_contributors": [
                "Hiroki Nagahama, NEC Corporation",
                "Pooja Natarajan, NEC Corporation India",
                "Manikantan Srinivasan, NEC Corporation India"
            ],
            "type": "intrusion-set",
            "id": "intrusion-set--4c4a7846-45d5-4761-8eea-725fa989914c",
            "created": "2022-08-11T22:47:27.686Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G1009",
                    "external_id": "G1009"
                },
                {
                    "source_name": "Checkpoint MosesStaff Nov 2021",
                    "description": "Checkpoint Research. (2021, November 15). Uncovering MosesStaff techniques: Ideology over Money. Retrieved August 11, 2022.",
                    "url": "https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/"
                },
                {
                    "source_name": "Cybereason StrifeWater Feb 2022",
                    "description": "Cybereason Nocturnus. (2022, February 1). StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to Ransomware Operations. Retrieved August 15, 2022.",
                    "url": "https://www.cybereason.com/blog/research/strifewater-rat-iranian-apt-moses-staff-adds-new-trojan-to-ransomware-operations"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_attack_spec_version": "3.0.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}