Mori

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[Mori](https://attack.mitre.org/software/S1047) is a backdoor that has been used by [MuddyWater](https://attack.mitre.org/groups/G0069) since at least January 2022.(Citation: DHS CISA AA22-055A MuddyWater February 2022)(Citation: CYBERCOM Iranian Intel Cyber January 2022)

Associated Techniques (9)

ID	ATT&CK	Tactics
T1001.001	Junk Data	-
T1012	Query Registry	-
T1070.004	File Deletion	-
T1071.001	Web Protocols	-
T1071.004	DNS	-
T1112	Modify Registry	-
T1132.001	Standard Encoding	-
T1140	Deobfuscate/Decode Files or Information	-
T1218.010	Regsvr32	-

Used by Actors (1)

MuddyWater
Nation-state

Metadata

ID:	358
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00