Cyber Espionage Evolution: MuddyWater’s Obfuscation Techniques and Anti-Analysis Measures
- Actor Motivations: Espionage
- Attack Vectors: Backdoor, Malicious Macro, Malware
- Attack Complexity: Medium
- Threat Risk: High Impact/High Probability
Threat Overview
The MuddyWater group (also tracked as Temp.Zagros) has resumed its activities after a perceived quiet phase, and recent samples reveal additional obfuscation layers. The group continues to use PowerShell and targets regions such as Turkey, Iraq, and Pakistan, with a potential focus on governmental sectors. The recent malicious documents include a new variant of the POWERSTATS backdoor with anti-analysis and anti-debugging features, such as BSOD functionality. The samples also check for security software and process names to impair defensive measures.
Detected Targets
Type | Description | Confidence |
---|---|---|
Case | Election Commission of Pakistan: The Election Commission of Pakistan is an independent, autonomous, permanent and constitutionally established federal body responsible for organizing and conducting elections to the national parliament, provincial legislatures, local governments, and the office of President of Pakistan, as well as the delimitation of constituencies and preparation of electoral rolls. Election Commission of Pakistan has been targeted by MuddyWater for abusive purposes. | Verified |
Case | Ministry of Foreign Affairs of the Republic of Iraq: The Ministry of Foreign Affairs of Iraq is the governmental body in Iraq responsible for the country's foreign relations and diplomacy. Ministry of Foreign Affairs of the Republic of Iraq has been targeted by MuddyWater for abusive purposes. | Verified |
Case | National Assembly of Pakistan: The National Assembly of Pakistan is the lower legislative house of the bicameral Parliament of Pakistan, which also comprises the Senate of Pakistan. The National Assembly and the Senate both convene at Parliament House in Islamabad, the capital of Pakistan. National Assembly of Pakistan has been targeted by MuddyWater for abusive purposes. | Verified |
Case | Republic of Türkiye Investment Office: The Republic of Turkey Investment Office is the official organization for promoting Turkey’s investment opportunities to the global business community and providing assistance to investors before, during, and after their entry into Turkey. It operates as a single point of contact for foreign investors, helping them to set up their businesses in the country. Republic of Türkiye Investment Office has been targeted by MuddyWater for abusive purposes. | Verified |
Case | Scientific and Technological Research Council of Türkiye (TÜBİTAK): The Scientific and Technological Research Institution of Turkey is a national agency of Turkey whose stated goal is to develop "science, technology and innovation" policies, support and conduct research and development, and to "play a leading role in the creation of a science and technology culture" in the country. Scientific and Technological Research Council of Türkiye (TÜBİTAK) has been targeted by MuddyWater for abusive purposes. | Verified |
Sector | Government Agencies and Services | Medium |
Region | Iraq | Verified |
Region | Pakistan | Verified |
Region | Turkey | Verified |
Region | Middle East Countries | High |
Extracted IOCs
Tip: 784 IOCs related to this threat have been found (0 IP, 389 domain, 389 URL, 0 email, 6 file hash).
Overlaps
Source: Picussecurity - March 2022
Detection (five cases): 18cf5795c2208d330bd297c18445a9e25238dd7f28a1a6ef55e2a9239f5748cd, 707d2128a0c326626adef0d3a4cab78562abd82c2bd8ede8cc82f86c01f1e024, 76e9988dad0278998861717c774227bf94112db548946ef617bfaa262cb5e338, 94625dd8151814dd6186735a6a6a87b2a4c71c04b8402caf314fb6f98434eaad, b7b8faac19a58548b28506415f9ece479055e9af0557911ca8bbaa82b483ffb8
Source: NetWitness - October 2018
Detection (three cases): ambiances-toiles[.]fr, hmholdings360.co[.]za, themotoringcalendar.co[.]za
Source: Mandiant - March 2018
Detection (228 cases)
Source: Trend Micro - March 2018
Detection (two cases): 18cf5795c2208d330bd297c18445a9e25238dd7f28a1a6ef55e2a9239f5748cd, 76e9988dad0278998861717c774227bf94112db548946ef617bfaa262cb5e338
Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.