valyria (2)

Valyria malware is a trojan distributed by phishing email attacks seemingly targeting business emails, commonly using the words “Invoice,” “Order,” or “Report” in the subject line.

Among these emails, there is a strong resurgence of tactics, techniques, and procedures (TTPs) previously known to be employed by the Gorgon Group with the MasterMana Botnet.

Link to full technical report: TIR-21-224-001_Val.pdf

Wapack Labs has been monitoring Iranian cyber activity for several years, specifically the evolving OilRig and Greenbug campaigns. Their adoption of a cyber operational paradigm involving both cyber hacktivism and cyber espionage tactics resembles cyber activity patterns employed by Chinese APT groups, whereby different groups perform different campaigns, with multiple teams conducting separate phases of a cyber campaign. With President Trump’s refusal to re-certify Iran’s compliance with the 20