Introduction
Metador is a suspected cyber espionage group that was first reported in September 2022. Metador has targeted a limited number of telecommunication companies, internet service providers, and universities in the Middle East and Africa. Security researchers named the group Metador based on the “I am meta” string in one of the group’s malware samples and the expectation of Spanish-language responses from C2 servers. [2]
Activities and Tactics
Information pending cataloguing.
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
MITRE ATT&CK technique IDs:
- T1071.001 Web Protocols
- T1059.003 Windows Command Shell
- T1588.001 Malware
- T1546.003 Windows Management Instrumentation Event Subscription
- T1027.013 Encrypted/Encoded File
- T1070.004 File Deletion
- T1095 Non-Application Layer Protocol
- T1588.002 Tool
- T1105 Ingress Tool Transfer
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
MITRE ATT&CK software entries:
- Windows Remote Desktop
- Archelaus Beta
Attribution and Evidence
Information pending cataloguing.
References
[1] MITRE ATT&CK.
[2] Ehrlich, A., et al. (2022, September). The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities. SentinelLabs. Retrieved January 23, 2023.