StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)

StrifeWater is a remote-access tool that has been used by Moses Staff in the initial stages of their attacks since at least November 2021.(Citation: Cybereason StrifeWater Feb 2022)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104)	Attack Pattern	StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1)	Attack Pattern	StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	1
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	1
System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077)	Attack Pattern	StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	1
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18)	Attack Pattern	1
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	1
Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670)	Attack Pattern	StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	1
Screen Capture - T1113 (0259baeb-9f63-4c69-bf10-eb038c390688)	Attack Pattern	StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	1
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5)	Attack Pattern	StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	1
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	1
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	1
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	1
StrifeWater - S1034 (fb78294a-7d7a-4d38-8ad0-92e67fddc9f0)	Malware	Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9)	Attack Pattern	1
Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69)	Attack Pattern	File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c)	Attack Pattern	2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	2
Virtualization/Sandbox Evasion - T1497 (82caa33e-d11a-433a-94ea-9b5a5fbef81d)	Attack Pattern	Time Based Evasion - T1497.003 (4bed873f-0b7d-41d4-b93a-b6905d1f90b0)	Attack Pattern	2
Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2)	Attack Pattern	Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0)	Attack Pattern	2