SHADOW-WATER-063

🇧🇷 Brazil-attributed
1 alias
Last seen: Jun 5, 2026

Intelligence Profile

SHADOW-WATER-063 is a financially motivated threat actor attributed to the Banana RAT banking trojan, primarily targeting Brazilian financial accounts. Analysis of recovered artifacts, including a Python panel and PowerShell stagers, supports a moderate-confidence attribution assessment. The actor's infrastructure and endpoint telemetry indicate a focus on executing fraudulent transactions. Key evidentiary pillars establish their intent to exploit Brazilian financial systems.

Threat Analysis

SHADOW-WATER-063 is a high-sophistication threat actor attributed to Brazil, engaged in cyber operations whose primary motivation is financial.

Financially motivated threat actors like SHADOW-WATER-063 prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, SHADOW-WATER-063 is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

Quick Facts

Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Origin: 🇧🇷 Brazil
Aliases: 1
Source: Malpedia

Also Known As

SHADOW-WATER-063

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.