Storm-1084
MISP
Tipo:
Unknown
Unknown
Paese:
IR
IR
Prima attivita:
Unknown
Unknown
Dettagli:
Storm-1084 is a threat actor that has been observed collaborating with the MuddyWater group. They have used the DarkBit persona to mask their involvement in targeted attacks. Storm-1084 has been linked to destructive actions, including the encryption of on-premise devices and deletion of cloud resources. They have been observed using tools such as Rport, Ligolo, and a customized PowerShell backdoor. The extent of their autonomy or collaboration with other Iranian threat actors is currently unclear.
Alias (107)
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
DEV-1084
Metadata
| ID: | 601 |
| Created: | 13/01/2026 17:48 |
| Updated: | 08/03/2026 04:00 |