aka: TEMP.Zagros, Static Kitten, Seedworm, MERCURY, COBALT ULSTER, G0069, ATK51, Boggy Serpens
The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including targets in India and the USA. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first-stage backdoor we call “POWERSTATS”. Despite broad scrutiny and reports on MuddyWater attacks, the activity continues with only incremental changes to the tools and techniques.
2023-06-29 ⋅ DeepInstinct ⋅ Simon Kenin, Deep Instinct Threat Lab @online{kenin:20230629:phonyc2:fd380e4,
author = {Simon Kenin and Deep Instinct Threat Lab},
title = {{PhonyC2: Revealing a New Malicious Command \& Control Framework by MuddyWater}},
date = {2023-06-29},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater},
language = {English},
urldate = {2023-07-02}
}
PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater PhonyC2 POWERSTATS |
2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42 @online{42:20220718:boggy:69e4bfd,
author = {Unit 42},
title = {{Boggy Serpens}},
date = {2022-07-18},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/atoms/boggyserpens/},
language = {English},
urldate = {2022-07-29}
}
Boggy Serpens POWERSTATS MuddyWater |
2022-06-21 ⋅ Lab52 @online{lab52:20220621:muddywaters:3e100a8,
author = {Lab52},
title = {{MuddyWater’s “light” first-stager targetting Middle East}},
date = {2022-06-21},
url = {https://lab52.io/blog/muddywaters-light-first-stager-targetting-middle-east/},
language = {English},
urldate = {2022-06-22}
}
MuddyWater’s “light” first-stager targetting Middle East Unidentified VBS 004 (RAT) |
2022-05-11 ⋅ NTT Security Holdings ⋅ NTT Security Holdings @online{holdings:20220511:analysis:646c94e,
author = {NTT Security Holdings},
title = {{Analysis of an Iranian APTs “E400” PowGoop Variant Reveals Dozens of Control Servers Dating Back to 2020}},
date = {2022-05-11},
organization = {NTT Security Holdings},
url = {https://www.security.ntt/blog/analysis-of-an-iranian-apts-e400-powgoop-variant},
language = {English},
urldate = {2022-05-25}
}
Analysis of an Iranian APTs “E400” PowGoop Variant Reveals Dozens of Control Servers Dating Back to 2020 PowGoop |
2022-03-12 ⋅ GovInfo Security ⋅ Prajeet Nair @online{nair:20220312:iranian:86d630b,
author = {Prajeet Nair},
title = {{Iranian APT: New Methods to Target Turkey, Arabian Peninsula}},
date = {2022-03-12},
organization = {GovInfo Security},
url = {https://www.govinfosecurity.com/iranian-apt-new-methods-to-target-turkey-arabian-peninsula-a-18706},
language = {English},
urldate = {2022-03-14}
}
Iranian APT: New Methods to Target Turkey, Arabian Peninsula STARWHALE |
2022-03-10 ⋅ Rootdaemon ⋅ Rootdaemon @online{rootdaemon:20220310:iranian:6b53790,
author = {Rootdaemon},
title = {{Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign}},
date = {2022-03-10},
organization = {Rootdaemon},
url = {https://rootdaemon.com/2022/03/10/iranian-hackers-targeting-turkey-and-arabian-peninsula-in-new-malware-campaign/},
language = {English},
urldate = {2022-03-17}
}
Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign STARWHALE |
2022-03-10 ⋅ TechRepublic ⋅ Brian Stone @online{stone:20220310:muddywater:7f13598,
author = {Brian Stone},
title = {{MuddyWater targets Middle Eastern and Asian countries in phishing attacks}},
date = {2022-03-10},
organization = {TechRepublic},
url = {https://www.techrepublic.com/article/muddywater-targets-middle-eastern-and-asian-countries-in-phishing-attacks/},
language = {English},
urldate = {2022-03-14}
}
MuddyWater targets Middle Eastern and Asian countries in phishing attacks STARWHALE |
2022-03-10 ⋅ Talos ⋅ Vitor Ventura, Asheer Malhotra, Arnaud Zobec @online{ventura:20220310:iranian:02ae681,
author = {Vitor Ventura and Asheer Malhotra and Arnaud Zobec},
title = {{Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups}},
date = {2022-03-10},
organization = {Talos},
url = {https://blog.talosintelligence.com/iranian-supergroup-muddywater/},
language = {English},
urldate = {2022-12-02}
}
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups STARWHALE |
2022-03-10 ⋅ The Hacker News ⋅ Ravie Lakshmanan @online{lakshmanan:20220310:iranian:b7eb161,
author = {Ravie Lakshmanan},
title = {{Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign}},
date = {2022-03-10},
organization = {The Hacker News},
url = {https://thehackernews.com/2022/03/iranian-hackers-targeting-turkey-and.html},
language = {English},
urldate = {2022-03-14}
}
Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign STARWHALE |
2022-02-25 ⋅ infoRisk TODAY ⋅ Prajeet Nair @online{nair:20220225:muddywater:62fb30e,
author = {Prajeet Nair},
title = {{MuddyWater Targets Critical Infrastructure in Asia, Europe}},
date = {2022-02-25},
organization = {infoRisk TODAY},
url = {https://www.inforisktoday.com/muddywater-targets-critical-infrastructure-in-asia-europe-a-18611},
language = {English},
urldate = {2022-03-04}
}
MuddyWater Targets Critical Infrastructure in Asia, Europe POWERSTATS PowGoop STARWHALE GRAMDOOR MoriAgent |
2022-02-24 ⋅ Mandiant ⋅ Ryan Tomcik, Emiel Haeghebaert, Tufail Ahmed @online{tomcik:20220224:left:dfe77e0,
author = {Ryan Tomcik and Emiel Haeghebaert and Tufail Ahmed},
title = {{Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity}},
date = {2022-02-24},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/telegram-malware-iranian-espionage},
language = {English},
urldate = {2022-03-01}
}
Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity STARWHALE GRAMDOOR |
2022-02-24 ⋅ FBI, CISA, CNMF, NCSC UK @online{fbi:20220224:alert:f9ae76b,
author = {FBI and CISA and CNMF and NCSC UK},
title = {{Alert (AA22-055A) Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks}},
date = {2022-02-24},
url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-055a},
language = {English},
urldate = {2022-03-01}
}
Alert (AA22-055A) Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks POWERSTATS PowGoop MoriAgent |
2022-02-24 ⋅ FBI, CISA, CNMF, NCSC UK, NSA @techreport{fbi:20220224:iranian:9117e42,
author = {FBI and CISA and CNMF and NCSC UK and NSA},
title = {{Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks}},
date = {2022-02-24},
institution = {},
url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-055A_Iranian_Government-Sponsored_Actors_Conduct_Cyber_Operations.pdf},
language = {English},
urldate = {2022-03-01}
}
Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks POWERSTATS PowGoop GRAMDOOR MoriAgent |
2022-01-12 ⋅ Sentinel LABS ⋅ Amitai Ben Shushan Ehrlich @online{ehrlich:20220112:wading:52a8e3a,
author = {Amitai Ben Shushan Ehrlich},
title = {{Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor}},
date = {2022-01-12},
organization = {Sentinel LABS},
url = {https://www.sentinelone.com/labs/wading-through-muddy-waters-recent-activity-of-an-iranian-state-sponsored-threat-actor/},
language = {English},
urldate = {2022-01-18}
}
Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor PowGoop |
2022-01-12 ⋅ U.S. Cyber Command ⋅ U.S. Cyber Command @online{command:20220112:iranian:52c412c,
author = {U.S. Cyber Command},
title = {{Iranian intel cyber suite of malware uses open source tools}},
date = {2022-01-12},
organization = {U.S. Cyber Command},
url = {https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/},
language = {English},
urldate = {2022-01-25}
}
Iranian intel cyber suite of malware uses open source tools PowGoop MoriAgent |
2021-02-28 ⋅ PWC UK ⋅ PWC UK @techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-01-13 ⋅ Shells.System blog ⋅ Ahmed Khlief @online{khlief:20210113:reviving:552c0e8,
author = {Ahmed Khlief},
title = {{Reviving MuddyC3 Used by MuddyWater (IRAN) APT}},
date = {2021-01-13},
organization = {Shells.System blog},
url = {https://shells.systems/reviving-leaked-muddyc3-used-by-muddywater-apt/},
language = {English},
urldate = {2021-02-20}
}
Reviving MuddyC3 Used by MuddyWater (IRAN) APT POWERSTATS |
2020-11-03 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20201103:trends:febc159,
author = {GReAT},
title = {{APT trends report Q3 2020}},
date = {2020-11-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q3-2020/99204/},
language = {English},
urldate = {2020-11-04}
}
APT trends report Q3 2020 WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti |
2020-10-21 ⋅ CyberScoop ⋅ Sean Lyngaas @online{lyngaas:20201021:muddywater:00082e2,
author = {Sean Lyngaas},
title = {{'MuddyWater' spies suspected in attacks against Middle East governments, telecoms}},
date = {2020-10-21},
organization = {CyberScoop},
url = {https://www.cyberscoop.com/muddywater-iran-symantec-middle-east/},
language = {English},
urldate = {2020-10-23}
}
'MuddyWater' spies suspected in attacks against Middle East governments, telecoms PowGoop |
2020-10-21 ⋅ Symantec ⋅ Threat Hunter Team @online{team:20201021:seedworm:7df9e09,
author = {Threat Hunter Team},
title = {{Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East}},
date = {2020-10-21},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east},
language = {English},
urldate = {2020-10-23}
}
Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East PowGoop |
2020-10-15 ⋅ ClearSky ⋅ ClearSky @techreport{clearsky:20201015:operation:dead010,
author = {ClearSky},
title = {{Operation Quicksand: MuddyWater’s Offensive Attack Against Israeli Organizations}},
date = {2020-10-15},
institution = {ClearSky},
url = {https://www.clearskysec.com/wp-content/uploads/2020/10/Operation-Quicksand.pdf},
language = {English},
urldate = {2020-10-21}
}
Operation Quicksand: MuddyWater’s Offensive Attack Against Israeli Organizations PowGoop Covicli |
2020-09-04 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone @online{falcone:20200904:thanos:b5eb551,
author = {Robert Falcone},
title = {{Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa}},
date = {2020-09-04},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/thanos-ransomware/},
language = {English},
urldate = {2020-09-06}
}
Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa PowGoop Hakbit |
2020-06-17 ⋅ Twitter (@Timele9527) ⋅ Timele12138 @online{timele12138:20200617:moriagent:a4986d2,
author = {Timele12138},
title = {{Tweet on MoriAgent used by MuddyWater (incl YARA rule)}},
date = {2020-06-17},
organization = {Twitter (@Timele9527)},
url = {https://twitter.com/Timele9527/status/1272776776335233024},
language = {English},
urldate = {2020-06-18}
}
Tweet on MoriAgent used by MuddyWater (incl YARA rule) MoriAgent |
2020-05-07 ⋅ paloalto LIVEcommunity ⋅ Mohammed Yasin @online{yasin:20200507:how:a3796cd,
author = {Mohammed Yasin},
title = {{How to stop MortiAgent Malware using the snort rule?}},
date = {2020-05-07},
organization = {paloalto LIVEcommunity},
url = {https://live.paloaltonetworks.com/t5/custom-signatures/how-to-stop-mortiagent-malware-using-the-snort-rule/td-p/326590#},
language = {English},
urldate = {2023-06-19}
}
How to stop MortiAgent Malware using the snort rule? MoriAgent |
2020-01-15 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli @online{ramilli:20200115:iranian:d37840a,
author = {Marco Ramilli},
title = {{Iranian Threat Actors: Preliminary Analysis}},
date = {2020-01-15},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2020/01/15/iranian-threat-actors-preliminary-analysis/},
language = {English},
urldate = {2020-01-17}
}
Iranian Threat Actors: Preliminary Analysis POWERSTATS |
2020-01-07 ⋅ Prevailion ⋅ Danny Adamitis @online{adamitis:20200107:summer:637a53f,
author = {Danny Adamitis},
title = {{Summer Mirage}},
date = {2020-01-07},
organization = {Prevailion},
url = {https://blog.prevailion.com/2020/01/summer-mirage.html},
language = {English},
urldate = {2020-01-12}
}
Summer Mirage POWERSTATS |
2020 ⋅ Secureworks ⋅ SecureWorks @online{secureworks:2020:cobalt:e50c4e9,
author = {SecureWorks},
title = {{COBALT ULSTER}},
date = {2020},
organization = {Secureworks},
url = {http://www.secureworks.com/research/threat-profiles/cobalt-ulster},
language = {English},
urldate = {2020-05-27}
}
COBALT ULSTER POWERSTATS Koadic MuddyWater |
2019-08-01 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20190801:trends:5e25d5b,
author = {GReAT},
title = {{APT trends report Q2 2019}},
date = {2019-08-01},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2019/91897/},
language = {English},
urldate = {2020-08-13}
}
APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
2019-06-10 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší @online{lunghi:20190610:muddywater:b87a78a,
author = {Daniel Lunghi and Jaromír Hořejší},
title = {{MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools}},
date = {2019-06-10},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/},
language = {English},
urldate = {2019-11-27}
}
MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools POWERSTATS |
2019-06-10 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší @techreport{lunghi:20190610:new:4f86b75,
author = {Daniel Lunghi and Jaromír Hořejší},
title = {{New MuddyWater Activities Uncovered: Threat Actors Used Multi-Stage Backdoors, New Post-Exploitation Tools, Android Malware, and More}},
date = {2019-06-10},
institution = {Trend Micro},
url = {https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf},
language = {English},
urldate = {2020-01-08}
}
New MuddyWater Activities Uncovered: Threat Actors Used Multi-Stage Backdoors, New Post-Exploitation Tools, Android Malware, and More Mudwater SHARPSTATS |
2019-05-29 ⋅ Group-IB ⋅ Group-IB @online{groupib:20190529:catching:7efa4c2,
author = {Group-IB},
title = {{Catching fish in muddy waters}},
date = {2019-05-29},
organization = {Group-IB},
url = {https://www.group-ib.com/blog/muddywater/},
language = {English},
urldate = {2023-06-19}
}
Catching fish in muddy waters POWERSTATS |
2019-05-20 ⋅ Cisco ⋅ Danny Adamitis, David Maynor, Kendall McKay @online{adamitis:20190520:recent:4bb543f,
author = {Danny Adamitis and David Maynor and Kendall McKay},
title = {{Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques}},
date = {2019-05-20},
organization = {Cisco},
url = {https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html},
language = {English},
urldate = {2020-01-07}
}
Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques MuddyWater |
2019-05-09 ⋅ ZDNet ⋅ Catalin Cimpanu @online{cimpanu:20190509:new:f8a3f46,
author = {Catalin Cimpanu},
title = {{New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web}},
date = {2019-05-09},
organization = {ZDNet},
url = {https://www.zdnet.com/article/new-leaks-of-iranian-cyber-espionage-operations-hit-telegram-and-the-dark-web/},
language = {English},
urldate = {2020-01-09}
}
New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web MuddyWater |
2019-04-15 ⋅ ClearSky ⋅ ClearSky Research Team @online{team:20190415:iranian:5a7f4ff,
author = {ClearSky Research Team},
title = {{Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey}},
date = {2019-04-15},
organization = {ClearSky},
url = {https://www.clearskysec.com/muddywater-targets-kurdish-groups-turkish-orgs/},
language = {English},
urldate = {2020-01-07}
}
Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey POWERSTATS MuddyWater |
2019-04-10 ⋅ Check Point ⋅ Check Point Research @online{research:20190410:muddy:b75ef4a,
author = {Check Point Research},
title = {{The Muddy Waters of APT Attacks}},
date = {2019-04-10},
organization = {Check Point},
url = {https://research.checkpoint.com/2019/the-muddy-waters-of-apt-attacks/},
language = {English},
urldate = {2023-07-10}
}
The Muddy Waters of APT Attacks POWERSTATS |
2019-03-21 ⋅ Qianxin ⋅ Qi Anxin @online{anxin:20190321:analysis:952c16d,
author = {Qi Anxin},
title = {{Analysis of the latest attack activities of the suspected MuddyWater APT group against the Iraqi mobile operator Korek Telecom}},
date = {2019-03-21},
organization = {Qianxin},
url = {https://mp.weixin.qq.com/s/NN_iRvwA6yOHFS9Z3A0RBA},
language = {Chinese},
urldate = {2023-09-12}
}
Analysis of the latest attack activities of the suspected MuddyWater APT group against the Iraqi mobile operator Korek Telecom POWERSTATS |
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker @online{tracker:2019:muddywater:1c29dc0,
author = {Cyber Operations Tracker},
title = {{MuddyWater}},
date = {2019},
organization = {Council on Foreign Relations},
url = {https://www.cfr.org/interactive/cyber-operations/muddywater},
language = {English},
urldate = {2019-12-20}
}
MuddyWater MuddyWater |
2019 ⋅ MITRE ⋅ MITRE ATT&CK @online{attck:2019:muddywater:b990d10,
author = {MITRE ATT\&CK},
title = {{Group description: MuddyWater}},
date = {2019},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0069/},
language = {English},
urldate = {2019-12-20}
}
Group description: MuddyWater MuddyWater |
2018-12-10 ⋅ Symantec ⋅ Symantec DeepSight Adversary Intelligence Team @online{team:20181210:seedworm:d6dba3c,
author = {Symantec DeepSight Adversary Intelligence Team},
title = {{Seedworm: Group Compromises Government Agencies, Oil \& Gas, NGOs, Telecoms, and IT Firms}},
date = {2018-12-10},
organization = {Symantec},
url = {https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group},
language = {English},
urldate = {2019-11-17}
}
Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms MuddyWater |
2018-11-28 ⋅ ClearSky ⋅ ClearSky Research Team @online{team:20181128:muddywater:89a520f,
author = {ClearSky Research Team},
title = {{MuddyWater Operations in Lebanon and Oman}},
date = {2018-11-28},
organization = {ClearSky},
url = {https://www.clearskysec.com/muddywater-operations-in-lebanon-and-oman/},
language = {English},
urldate = {2019-07-09}
}
MuddyWater Operations in Lebanon and Oman POWERSTATS |
2018-11 ⋅ ClearSky ⋅ ClearSky Cyber Security @techreport{security:201811:muddywater:d68be0b,
author = {ClearSky Cyber Security},
title = {{MuddyWater Operations in Lebanon and Oman}},
date = {2018-11},
institution = {ClearSky},
url = {https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf},
language = {English},
urldate = {2020-01-08}
}
MuddyWater Operations in Lebanon and Oman MuddyWater |
2018-10-10 ⋅ Kaspersky Labs ⋅ GReAT @online{great:20181010:muddywater:12992b3,
author = {GReAT},
title = {{MuddyWater expands operations}},
date = {2018-10-10},
organization = {Kaspersky Labs},
url = {https://securelist.com/muddywater/88059/},
language = {English},
urldate = {2019-12-20}
}
MuddyWater expands operations MuddyWater |
2018-06-14 ⋅ Trend Micro ⋅ Michael Villanueva, Martin Co @online{villanueva:20180614:another:80ffc5f,
author = {Michael Villanueva and Martin Co},
title = {{Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor}},
date = {2018-06-14},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/},
language = {English},
urldate = {2020-01-12}
}
Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor MuddyWater |
2018-06-06 ⋅ ClearSky ⋅ ClearSky Cyber Security @techreport{security:20180606:iranian:5347a63,
author = {ClearSky Cyber Security},
title = {{Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal}},
date = {2018-06-06},
institution = {ClearSky},
url = {https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf},
language = {English},
urldate = {2023-06-19}
}
Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal POWERSTATS |
2018-05-08 ⋅ Security 0wnage ⋅ Mo Bustami @online{bustami:20180508:clearing:fbf1a99,
author = {Mo Bustami},
title = {{Clearing the MuddyWater - Analysis of new MuddyWater Samples}},
date = {2018-05-08},
organization = {Security 0wnage},
url = {https://sec0wn.blogspot.com/2018/05/clearing-muddywater-analysis-of-new.html},
language = {English},
urldate = {2023-06-19}
}
Clearing the MuddyWater - Analysis of new MuddyWater Samples POWERSTATS |
2018-03-22 ⋅ Sekoia ⋅ sekoia @online{sekoia:20180322:falling:c04d81f,
author = {sekoia},
title = {{Falling on MuddyWater}},
date = {2018-03-22},
organization = {Sekoia},
url = {https://web.archive.org/web/20180807105755/https://www.sekoia.fr/blog/falling-on-muddywater/},
language = {English},
urldate = {2023-06-19}
}
Falling on MuddyWater POWERSTATS |
2018-03-13 ⋅ FireEye ⋅ Sudeep Singh, Dileep Kumar Jallepalli, Yogesh Londhe, Ben Read @online{singh:20180313:iranian:3542dc9,
author = {Sudeep Singh and Dileep Kumar Jallepalli and Yogesh Londhe and Ben Read},
title = {{Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign}},
date = {2018-03-13},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html},
language = {English},
urldate = {2019-12-20}
}
Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign POWERSTATS MuddyWater |
2018-03-12 ⋅ Trend Micro ⋅ Jaromír Hořejší @online{hoej:20180312:campaign:00eb661,
author = {Jaromír Hořejší},
title = {{Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia}},
date = {2018-03-12},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/campaign-possibly-connected-muddywater-surfaces-middle-east-central-asia/},
language = {English},
urldate = {2020-01-13}
}
Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia POWERSTATS MuddyWater |
2018-03-01 ⋅ Security 0wnage ⋅ Mo Bustami @online{bustami:20180301:quick:0c82eea,
author = {Mo Bustami},
title = {{A Quick Dip into MuddyWater's Recent Activity}},
date = {2018-03-01},
organization = {Security 0wnage},
url = {https://sec0wn.blogspot.com/2018/03/a-quick-dip-into-muddywaters-recent.html},
language = {English},
urldate = {2023-06-19}
}
A Quick Dip into MuddyWater's Recent Activity POWERSTATS |
2018-01-02 ⋅ Security 0wnage ⋅ Mo Bustami @online{bustami:20180102:burping:c29dd52,
author = {Mo Bustami},
title = {{Burping on MuddyWater}},
date = {2018-01-02},
organization = {Security 0wnage},
url = {https://sec0wn.blogspot.com/2018/02/burping-on-muddywater.html},
language = {English},
urldate = {2023-06-19}
}
Burping on MuddyWater POWERSTATS |
2017-11-22 ⋅ Reaqta ⋅ Reaqta @online{reaqta:20171122:dive:5c67031,
author = {Reaqta},
title = {{A dive into MuddyWater APT targeting Middle-East}},
date = {2017-11-22},
organization = {Reaqta},
url = {https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/},
language = {English},
urldate = {2020-01-08}
}
A dive into MuddyWater APT targeting Middle-East POWERSTATS |
2017-11-14 ⋅ Palo Alto Networks Unit 42 ⋅ Tom Lancaster @online{lancaster:20171114:muddying:aa0467a,
author = {Tom Lancaster},
title = {{Muddying the Water: Targeted Attacks in the Middle East}},
date = {2017-11-14},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/},
language = {English},
urldate = {2020-01-08}
}
Muddying the Water: Targeted Attacks in the Middle East POWERSTATS MuddyWater |
2017-10-04 ⋅ Security 0wnage ⋅ Mo Bustami @online{bustami:20171004:continued:0703924,
author = {Mo Bustami},
title = {{Continued Activity targeting the Middle East}},
date = {2017-10-04},
organization = {Security 0wnage},
url = {https://sec0wn.blogspot.com/2017/10/continued-activity-targeting-middle-east.html},
language = {English},
urldate = {2023-06-19}
}
Continued Activity targeting the Middle East POWERSTATS |
2017-09-26 ⋅ Malwarebytes ⋅ Malwarebytes Labs @online{labs:20170926:elaborate:bed9adc,
author = {Malwarebytes Labs},
title = {{Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity}},
date = {2017-09-26},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/09/elaborate-scripting-fu-used-in-espionage-attack-against-saudi-arabia-government_entity/},
language = {English},
urldate = {2019-12-20}
}
Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity POWERSTATS |