Threats Feed|MuddyWater|Last Updated 25/07/2024|AuthorCertfa Radar|Publish Date08/12/2022

Spearphishing and Syncro: The Tools of MuddyWater's Recent Cyber Attacks

  • Actor Motivations: Espionage,Exfiltration
  • Attack Vectors: RAT,Spear Phishing
  • Attack Complexity: High
  • Threat Risk: Low Impact/High Probability

Threat Overview

The MuddyWater group has launched a campaign targeting countries including Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the UAE. The group has employed the remote administration tool "Syncro" and used spear-phishing techniques, leveraging Dropbox and OneDrive to deliver the malicious Syncro MSI installer. The threat actors also utilized legitimate corporate email accounts to distribute their phishing emails. The sectors notably targeted include the data hosting, hospitality, and insurance sectors.

Reference and Credit: Deep Instinct - December 2022

New MuddyWater Threat: Old Kitten; New Tricks

Detected Targets

TypeDescriptionConfidence
CaseErtiqa
In this attack, MuddyWater named one of their Syncro installers "Ertiqa.msi," likely attempting to masquerade the malicious installer as legitimate or related to "Ertiqa," a known Saudi NGO, to increase the chances of the targeted users executing the file. Ertiqa is a Non-Profit Organization registered with the Ministry of Human Resources and Social Development, concerned with the collection, refurbishment and distribution of used computers to educational and social institutes. In association with “Extra”. Ertiqa has been targeted by MuddyWater with abusive purposes.
Verified
SectorInformation Technology
Verified
SectorInsurance
Verified
SectorTourism
Verified
RegionArmenia
Verified
RegionAzerbaijan
Verified
RegionEgypt
Verified
RegionIraq
Verified
RegionIsrael
Verified
RegionJordan
Verified
RegionOman
Verified
RegionQatar
Verified
RegionTajikistan
Verified
RegionUnited Arab Emirates
Verified

Extracted IOCs

  • 011cb37733cdf01c689d12fedc4a3eda8b0f6c4dcdeef1719004c32ee331198e
  • 01dfa94e11b60f92449445a9660843f7bea0d6aad62f1c339e88252008e3b494
  • 1670a59f573037142f417fb8c448a9022c8d31a6b2bf93ad77a9db2924b502af
  • 2a5f74e8268ad2d38c18f57a19d723b72b2dadd11b3ab993507dd2863d18008d
  • 32339f7ac043042e6361225b594047dd4398da489a2af17a9f74a51593b14951
  • 331b513cf17568329c7d5f1bac1d14f38c77f8d4adba40c48dab6baf98854f92
  • 433b47f40f47bea0889423ab96deb1776f47e9faa946e7c5089494ed00c6cc29
  • 4550b4fa89ff70d8ea59d350ad8fc537ceaad13779877f2761d91d69a2c445b2
  • 4d24b326d0335e122c7f6adaa22e8237895bdf4c6d85863cf8e84cfcc0503e69
  • 4e80bd62d02f312b06a0c96e1b5d1c6fd5a8af4e051f3f7f90e2976580842515
  • 5578b7d126ebae78635613685d0cd07f4fb86f2e5b08e799bdc67d6d6053ede2
  • 61dcf1eeb616104742dd892b89365751df9bb8c5b6a2b4080ac7cf34294d7675
  • 653046fa62d3c9325dbff5cb7961965a8bf5f96fa4e815b494c8d3e165b9c94a
  • 697580cf4266fa7d50fd5f690eee1f3033d3a706eb61fc1fca25471dbc36e684
  • 76ab046de18e20fd5cddbb90678389001361a430a0dc6297363ff10efbcb0fa8
  • 7e7292b5029882602fe31f15e25b5c59e01277abaab86b29843ded4aa0dcbdd1
  • 887c09e24923258e2e2c28f369fba3e44e52ce8a603fa3aee8c3fb0f1ca660e1
  • a35a1c92c001b59605efd318655d912f2bcd4e745da2b4a1e385d289e12ee905
  • aa282daa9da3d6fc2dc6d54d453f4c23b746ada5b295472e7883ee6e6353b671
  • b5c7acf08d3fd68ddc92169d23709e36e45cb65689880e30cb8f376b5c91be57
  • c6cfd23282c9ff9d0d4c72ee13797a898b01cd5fd256d347e399e7528dad3bfd
  • c7a2a9e020b4bcbfa53b37dea7ebf6943af203b94c24a35c098b774f79d532ac
  • d550f0f9c4554e63b6e6d0a95a20a16abe44fa6f0de62b6615b5fdcdb82fe8e1
  • d65d80ab0ccdc7ff0a72e71104de2b4c289c02348816dce9996ba3e2a4c1dd62
  • dab77aea8bf4f78628dcf45be6e2e79440c38a86e830846ec2bddc74ff0a36e4
  • dc7e102a2c68f7e3e15908eb6174548ce3d13a94caadf76e1a4ee834dc17a271
  • dedc593acc72c352feef4cc2b051001bfe22a79a3a7852f0daf95e2d10e58b84
  • e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8
  • e87fe81352ebda0cfc0ae785ebfc51a8965917235ee5d6dc6ca6b730eda494cf
  • eae0acba9c9e6a93ce2d5b30a5f21515e8ccca0975fbd0e7d8862964fdfa1468
  • efd5271bdb57f52b4852bfda05122b9ff85991c0600befcbd045f81d7a78eac5
  • f24ce8e6679893049ce4e5a03bc2d8c7e44bf5b918bf8bf1c2e45c5de4d11e56
  • f511bdd471096fc81dc8dad6806624a73837710f99b76b69c6501cb90e37c311
download

Tip: 33 related IOCs (0 IP, 0 domain, 0 URL, 0 email, 33 file hash) to this threat have been found.

About Affiliation
MuddyWater
View MuddyWater's Insights