Threats Feed | MuddyWater | Last Updated: 25/07/2024 | Author: Certfa Radar | Publish Date: 12/01/2022

Evolution of MuddyWater: Targeting Governmental and Telecom Sectors in the Middle East

  • Actor Motivations: Espionage
  • Attack Vectors: Vulnerability Exploitation, Malware
  • Attack Complexity: High
  • Threat Risk: High Impact/High Probability

Threat Overview

The MuddyWater threat group continues to evolve its tactics and techniques. The group makes use of publicly available offensive security tools and has been refining its custom toolset to avoid detection. It uses the PowGoop malware family and tunneling tools, and targets Exchange servers in high-profile organizations, particularly governmental entities and telecommunication companies in the Middle East. The group has also been observed exploiting CVE-2020-0688 and using Ruler for its malicious activities.

Detected Targets

Type   | Description                      | Confidence
Sector | Government Agencies and Services | Verified
Sector | Telecommunication                | Verified
Region | Middle East Countries            | Verified

Extracted IOCs


Tip: 15 related IOCs (0 IP, 0 domain, 0 URL, 0 email, 15 file hash) to this threat have been found.

Overlaps

MuddyWater - MuddyWater Espionage Campaign: A Deep Dive into Malware and Tactics

Source: Picussecurity - March 2022

Detection (six cases): 570f7272412ff8257ed6868d90727a459e3b179e, 81f46998c92427032378e5dead48bdfc9128b225, a65696d6b65f7159c9ffcd4119f60195, b5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504, cec48bcdedebc962ce45b63e201c0624, dd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92

MuddyWater - Analysis of MuddyWater Malware Targeting Diverse International Sectors

Source: CISA - February 2022

Detection (three cases): 7e7545d14df7b618b3b1bc24321780c164a0a14d3600dbac0f91afbce1a2f9f4, b5b1e26312e0574464ddef92c51d5f597e07dba90617c0528ec9f494af7e8504, dd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92

Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.