aka: TEMP.Zagros, Static Kitten, Seedworm, MERCURY, COBALT ULSTER, G0069, ATK51, Boggy Serpens
The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including targets in India and the USA. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first stage backdoor we call “POWERSTATS”. Despite broad scrutiny and reports on MuddyWater attacks, the activity continues with only incremental changes to the tools and techniques.
2023-06-29 ⋅ DeepInstinct ⋅ Simon Kenin, Deep Instinct Threat Lab
@online{kenin:20230629:phonyc2:fd380e4,
author = {Simon Kenin and Deep Instinct Threat Lab},
title = {{PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater}},
date = {2023-06-29},
organization = {DeepInstinct},
url = {https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater},
language = {English},
urldate = {2023-07-02}
}
PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater
PhonyC2 POWERSTATS |
2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42
@online{42:20220718:boggy:69e4bfd,
author = {Unit 42},
title = {{Boggy Serpens}},
date = {2022-07-18},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/atoms/boggyserpens/},
language = {English},
urldate = {2022-07-29}
}
Boggy Serpens
POWERSTATS MuddyWater |
2022-06-21 ⋅ Lab52
@online{lab52:20220621:muddywaters:3e100a8,
author = {Lab52},
title = {{MuddyWater’s “light” first-stager targetting Middle East}},
date = {2022-06-21},
url = {https://lab52.io/blog/muddywaters-light-first-stager-targetting-middle-east/},
language = {English},
urldate = {2022-06-22}
}
MuddyWater’s “light” first-stager targetting Middle East
Unidentified VBS 004 (RAT) |
2022-05-11 ⋅ NTT Security Holdings ⋅ NTT Security Holdings
@online{holdings:20220511:analysis:646c94e,
author = {NTT Security Holdings},
title = {{Analysis of an Iranian APTs “E400” PowGoop Variant Reveals Dozens of Control Servers Dating Back to 2020}},
date = {2022-05-11},
organization = {NTT Security Holdings},
url = {https://www.security.ntt/blog/analysis-of-an-iranian-apts-e400-powgoop-variant},
language = {English},
urldate = {2022-05-25}
}
Analysis of an Iranian APTs “E400” PowGoop Variant Reveals Dozens of Control Servers Dating Back to 2020
PowGoop |
2022-03-12 ⋅ GovInfo Security ⋅ Prajeet Nair
@online{nair:20220312:iranian:86d630b,
author = {Prajeet Nair},
title = {{Iranian APT: New Methods to Target Turkey, Arabian Peninsula}},
date = {2022-03-12},
organization = {GovInfo Security},
url = {https://www.govinfosecurity.com/iranian-apt-new-methods-to-target-turkey-arabian-peninsula-a-18706},
language = {English},
urldate = {2022-03-14}
}
Iranian APT: New Methods to Target Turkey, Arabian Peninsula
STARWHALE |
2022-03-10 ⋅ Rootdemon ⋅ Rootdaemon
@online{rootdaemon:20220310:iranian:6b53790,
author = {Rootdaemon},
title = {{Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign}},
date = {2022-03-10},
organization = {Rootdemon},
url = {https://rootdaemon.com/2022/03/10/iranian-hackers-targeting-turkey-and-arabian-peninsula-in-new-malware-campaign/},
language = {English},
urldate = {2022-03-17}
}
Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign
STARWHALE |
2022-03-10 ⋅ TechRepublic ⋅ Brian Stone
@online{stone:20220310:muddywater:7f13598,
author = {Brian Stone},
title = {{MuddyWater targets Middle Eastern and Asian countries in phishing attacks}},
date = {2022-03-10},
organization = {TechRepublic},
url = {https://www.techrepublic.com/article/muddywater-targets-middle-eastern-and-asian-countries-in-phishing-attacks/},
language = {English},
urldate = {2022-03-14}
}
MuddyWater targets Middle Eastern and Asian countries in phishing attacks
STARWHALE |
2022-03-10 ⋅ Talos ⋅ Vitor Ventura, Asheer Malhotra, Arnaud Zobec
@online{ventura:20220310:iranian:02ae681,
author = {Vitor Ventura and Asheer Malhotra and Arnaud Zobec},
title = {{Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups}},
date = {2022-03-10},
organization = {Talos},
url = {https://blog.talosintelligence.com/iranian-supergroup-muddywater/},
language = {English},
urldate = {2022-12-02}
}
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
STARWHALE |
2022-03-10 ⋅ The Hacker News ⋅ Ravie Lakshmanan
@online{lakshmanan:20220310:iranian:b7eb161,
author = {Ravie Lakshmanan},
title = {{Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign}},
date = {2022-03-10},
organization = {The Hacker News},
url = {https://thehackernews.com/2022/03/iranian-hackers-targeting-turkey-and.html},
language = {English},
urldate = {2022-03-14}
}
Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign
STARWHALE |
2022-02-25 ⋅ infoRisk TODAY ⋅ Prajeet Nair
@online{nair:20220225:muddywater:62fb30e,
author = {Prajeet Nair},
title = {{MuddyWater Targets Critical Infrastructure in Asia, Europe}},
date = {2022-02-25},
organization = {infoRisk TODAY},
url = {https://www.inforisktoday.com/muddywater-targets-critical-infrastructure-in-asia-europe-a-18611},
language = {English},
urldate = {2022-03-04}
}
MuddyWater Targets Critical Infrastructure in Asia, Europe
POWERSTATS PowGoop STARWHALE GRAMDOOR MoriAgent |
2022-02-24 ⋅ Mandiant ⋅ Ryan Tomcik, Emiel Haeghebaert, Tufail Ahmed
@online{tomcik:20220224:left:dfe77e0,
author = {Ryan Tomcik and Emiel Haeghebaert and Tufail Ahmed},
title = {{Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity}},
date = {2022-02-24},
organization = {Mandiant},
url = {https://www.mandiant.com/resources/telegram-malware-iranian-espionage},
language = {English},
urldate = {2022-03-01}
}
Left On Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity
STARWHALE GRAMDOOR |
2022-02-24 ⋅ FBI, CISA, CNMF, NCSC UK
@online{fbi:20220224:alert:f9ae76b,
author = {FBI and CISA and CNMF and NCSC UK},
title = {{Alert (AA22-055A) Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks}},
date = {2022-02-24},
url = {https://www.cisa.gov/uscert/ncas/alerts/aa22-055a},
language = {English},
urldate = {2022-03-01}
}
Alert (AA22-055A) Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
POWERSTATS PowGoop MoriAgent |
2022-02-24 ⋅ FBI, CISA, CNMF, NCSC UK, NSA
@techreport{fbi:20220224:iranian:9117e42,
author = {FBI and CISA and CNMF and NCSC UK and NSA},
title = {{Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks}},
date = {2022-02-24},
institution = {},
url = {https://www.cisa.gov/uscert/sites/default/files/publications/AA22-055A_Iranian_Government-Sponsored_Actors_Conduct_Cyber_Operations.pdf},
language = {English},
urldate = {2022-03-01}
}
Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
POWERSTATS PowGoop GRAMDOOR MoriAgent |
2022-01-12 ⋅ Sentinel LABS ⋅ Amitai Ben Shushan Ehrlich
@online{ehrlich:20220112:wading:52a8e3a,
author = {Amitai Ben Shushan Ehrlich},
title = {{Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor}},
date = {2022-01-12},
organization = {Sentinel LABS},
url = {https://www.sentinelone.com/labs/wading-through-muddy-waters-recent-activity-of-an-iranian-state-sponsored-threat-actor/},
language = {English},
urldate = {2022-01-18}
}
Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
PowGoop |
2022-01-12 ⋅ U.S. Cyber Command ⋅ U.S. Cyber Command
@online{command:20220112:iranian:52c412c,
author = {U.S. Cyber Command},
title = {{Iranian intel cyber suite of malware uses open source tools}},
date = {2022-01-12},
organization = {U.S. Cyber Command},
url = {https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/},
language = {English},
urldate = {2022-01-25}
}
Iranian intel cyber suite of malware uses open source tools
PowGoop MoriAgent |
2021-02-28 ⋅ PWC UK ⋅ PWC UK
@techreport{uk:20210228:cyber:bd780cd,
author = {PWC UK},
title = {{Cyber Threats 2020: A Year in Retrospect}},
date = {2021-02-28},
institution = {PWC UK},
url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf},
language = {English},
urldate = {2021-03-04}
}
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
2021-01-13 ⋅ Shells.System blog ⋅ Ahmed Khlief
@online{khlief:20210113:reviving:552c0e8,
author = {Ahmed Khlief},
title = {{Reviving MuddyC3 Used by MuddyWater (IRAN) APT}},
date = {2021-01-13},
organization = {Shells.System blog},
url = {https://shells.systems/reviving-leaked-muddyc3-used-by-muddywater-apt/},
language = {English},
urldate = {2021-02-20}
}
Reviving MuddyC3 Used by MuddyWater (IRAN) APT
POWERSTATS |
2020-11-03 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20201103:trends:febc159,
author = {GReAT},
title = {{APT trends report Q3 2020}},
date = {2020-11-03},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q3-2020/99204/},
language = {English},
urldate = {2020-11-04}
}
APT trends report Q3 2020
WellMail EVILNUM Janicab Poet RAT AsyncRAT Ave Maria Cobalt Strike Crimson RAT CROSSWALK Dtrack LODEINFO MoriAgent Okrum PlugX poisonplug Rover ShadowPad SoreFang Winnti |
2020-10-21 ⋅ CyberScoop ⋅ Sean Lyngaas
@online{lyngaas:20201021:muddywater:00082e2,
author = {Sean Lyngaas},
title = {{'MuddyWater' spies suspected in attacks against Middle East governments, telecoms}},
date = {2020-10-21},
organization = {CyberScoop},
url = {https://www.cyberscoop.com/muddywater-iran-symantec-middle-east/},
language = {English},
urldate = {2020-10-23}
}
'MuddyWater' spies suspected in attacks against Middle East governments, telecoms
PowGoop |
2020-10-21 ⋅ Symantec ⋅ Threat Hunter Team
@online{team:20201021:seedworm:7df9e09,
author = {Threat Hunter Team},
title = {{Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East}},
date = {2020-10-21},
organization = {Symantec},
url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east},
language = {English},
urldate = {2020-10-23}
}
Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East
PowGoop |
2020-10-15 ⋅ ClearSky ⋅ ClearSky
@techreport{clearsky:20201015:operation:dead010,
author = {ClearSky},
title = {{Operation Quicksand: MuddyWater’s Offensive Attack Against Israeli Organizations}},
date = {2020-10-15},
institution = {ClearSky},
url = {https://www.clearskysec.com/wp-content/uploads/2020/10/Operation-Quicksand.pdf},
language = {English},
urldate = {2020-10-21}
}
Operation Quicksand: MuddyWater’s Offensive Attack Against Israeli Organizations
PowGoop Covicli |
2020-09-04 ⋅ Palo Alto Networks Unit 42 ⋅ Robert Falcone
@online{falcone:20200904:thanos:b5eb551,
author = {Robert Falcone},
title = {{Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa}},
date = {2020-09-04},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/thanos-ransomware/},
language = {English},
urldate = {2020-09-06}
}
Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
PowGoop Hakbit |
2020-06-17 ⋅ Twitter (@Timele9527) ⋅ Timele12138
@online{timele12138:20200617:moriagent:a4986d2,
author = {Timele12138},
title = {{Tweet on MoriAgent uesd by MuddyWater (incl YARA rule)}},
date = {2020-06-17},
organization = {Twitter (@Timele9527)},
url = {https://twitter.com/Timele9527/status/1272776776335233024},
language = {English},
urldate = {2020-06-18}
}
Tweet on MoriAgent uesd by MuddyWater (incl YARA rule)
MoriAgent |
2020-05-07 ⋅ paloalto LIVEcommunity ⋅ Mohammed Yasin
@online{yasin:20200507:how:a3796cd,
author = {Mohammed Yasin},
title = {{How to stop MortiAgent Malware using the snort rule?}},
date = {2020-05-07},
organization = {paloalto LIVEcommunity},
url = {https://live.paloaltonetworks.com/t5/custom-signatures/how-to-stop-mortiagent-malware-using-the-snort-rule/td-p/326590#},
language = {English},
urldate = {2023-06-19}
}
How to stop MortiAgent Malware using the snort rule?
MoriAgent |
2020-01-15 ⋅ Marco Ramilli's Blog ⋅ Marco Ramilli
@online{ramilli:20200115:iranian:d37840a,
author = {Marco Ramilli},
title = {{Iranian Threat Actors: Preliminary Analysis}},
date = {2020-01-15},
organization = {Marco Ramilli's Blog},
url = {https://marcoramilli.com/2020/01/15/iranian-threat-actors-preliminary-analysis/},
language = {English},
urldate = {2020-01-17}
}
Iranian Threat Actors: Preliminary Analysis
POWERSTATS |
2020-01-07 ⋅ Prevailion ⋅ Danny Adamitis
@online{adamitis:20200107:summer:637a53f,
author = {Danny Adamitis},
title = {{Summer Mirage}},
date = {2020-01-07},
organization = {Prevailion},
url = {https://blog.prevailion.com/2020/01/summer-mirage.html},
language = {English},
urldate = {2020-01-12}
}
Summer Mirage
POWERSTATS |
2020 ⋅ Secureworks ⋅ SecureWorks
@online{secureworks:2020:cobalt:e50c4e9,
author = {SecureWorks},
title = {{COBALT ULSTER}},
date = {2020},
organization = {Secureworks},
url = {http://www.secureworks.com/research/threat-profiles/cobalt-ulster},
language = {English},
urldate = {2020-05-27}
}
COBALT ULSTER
POWERSTATS Koadic MuddyWater |
2019-08-01 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20190801:trends:5e25d5b,
author = {GReAT},
title = {{APT trends report Q2 2019}},
date = {2019-08-01},
organization = {Kaspersky Labs},
url = {https://securelist.com/apt-trends-report-q2-2019/91897/},
language = {English},
urldate = {2020-08-13}
}
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy |
2019-06-10 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
@online{lunghi:20190610:muddywater:b87a78a,
author = {Daniel Lunghi and Jaromír Hořejší},
title = {{MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools}},
date = {2019-06-10},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/},
language = {English},
urldate = {2019-11-27}
}
MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
POWERSTATS |
2019-06-10 ⋅ Trend Micro ⋅ Daniel Lunghi, Jaromír Hořejší
@techreport{lunghi:20190610:new:4f86b75,
author = {Daniel Lunghi and Jaromír Hořejší},
title = {{New MuddyWater Activities Uncovered: Threat Actors Used Multi-Stage Backdoors, New Post-Exploitation Tools, Android Malware, and More}},
date = {2019-06-10},
institution = {Trend Micro},
url = {https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf},
language = {English},
urldate = {2020-01-08}
}
New MuddyWater Activities Uncovered: Threat Actors Used Multi-Stage Backdoors, New Post-Exploitation Tools, Android Malware, and More
Mudwater SHARPSTATS |
2019-05-29 ⋅ Group-IB ⋅ Group-IB
@online{groupib:20190529:catching:7efa4c2,
author = {Group-IB},
title = {{Catching fish in muddy waters}},
date = {2019-05-29},
organization = {Group-IB},
url = {https://www.group-ib.com/blog/muddywater/},
language = {English},
urldate = {2023-06-19}
}
Catching fish in muddy waters
POWERSTATS |
2019-05-20 ⋅ Cisco ⋅ Danny Adamitis, David Maynor, Kendall McKay
@online{adamitis:20190520:recent:4bb543f,
author = {Danny Adamitis and David Maynor and Kendall McKay},
title = {{Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques}},
date = {2019-05-20},
organization = {Cisco},
url = {https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html},
language = {English},
urldate = {2020-01-07}
}
Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
MuddyWater |
2019-05-09 ⋅ ZDNet ⋅ Catalin Cimpanu
@online{cimpanu:20190509:new:f8a3f46,
author = {Catalin Cimpanu},
title = {{New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web}},
date = {2019-05-09},
organization = {ZDNet},
url = {https://www.zdnet.com/article/new-leaks-of-iranian-cyber-espionage-operations-hit-telegram-and-the-dark-web/},
language = {English},
urldate = {2020-01-09}
}
New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web
MuddyWater |
2019-04-15 ⋅ ClearSky ⋅ ClearSky Research Team
@online{team:20190415:iranian:5a7f4ff,
author = {ClearSky Research Team},
title = {{Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey}},
date = {2019-04-15},
organization = {ClearSky},
url = {https://www.clearskysec.com/muddywater-targets-kurdish-groups-turkish-orgs/},
language = {English},
urldate = {2020-01-07}
}
Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey
POWERSTATS MuddyWater |
2019-04-10 ⋅ Check Point ⋅ Check Point Research
@online{research:20190410:muddy:b75ef4a,
author = {Check Point Research},
title = {{The Muddy Waters of APT Attacks}},
date = {2019-04-10},
organization = {Check Point},
url = {https://research.checkpoint.com/2019/the-muddy-waters-of-apt-attacks/},
language = {English},
urldate = {2023-07-10}
}
The Muddy Waters of APT Attacks
POWERSTATS |
2019-03-21 ⋅ Qianxin ⋅ Qi Anxin
@online{anxin:20190321:analysis:952c16d,
author = {Qi Anxin},
title = {{Analysis of the latest attack activities of the suspected MuddyWater APT group against the Iraqi mobile operator Korek Telecom}},
date = {2019-03-21},
organization = {Qianxin},
url = {https://mp.weixin.qq.com/s/NN_iRvwA6yOHFS9Z3A0RBA},
language = {Chinese},
urldate = {2023-09-12}
}
Analysis of the latest attack activities of the suspected MuddyWater APT group against the Iraqi mobile operator Korek Telecom
POWERSTATS |
2019 ⋅ Council on Foreign Relations ⋅ Cyber Operations Tracker
@online{tracker:2019:muddywater:1c29dc0,
author = {Cyber Operations Tracker},
title = {{MuddyWater}},
date = {2019},
organization = {Council on Foreign Relations},
url = {https://www.cfr.org/interactive/cyber-operations/muddywater},
language = {English},
urldate = {2019-12-20}
}
MuddyWater
MuddyWater |
2019 ⋅ MITRE ⋅ MITRE ATT&CK
@online{attck:2019:muddywater:b990d10,
author = {MITRE ATT&CK},
title = {{Group description: MuddyWater}},
date = {2019},
organization = {MITRE},
url = {https://attack.mitre.org/groups/G0069/},
language = {English},
urldate = {2019-12-20}
}
Group description: MuddyWater
MuddyWater |
2018-12-10 ⋅ Symantec ⋅ Symantec DeepSight Adversary Intelligence Team
@online{team:20181210:seedworm:d6dba3c,
author = {Symantec DeepSight Adversary Intelligence Team},
title = {{Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms}},
date = {2018-12-10},
organization = {Symantec},
url = {https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group},
language = {English},
urldate = {2019-11-17}
}
Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms
MuddyWater |
2018-11-28 ⋅ ClearSky ⋅ ClearSky Research Team
@online{team:20181128:muddywater:89a520f,
author = {ClearSky Research Team},
title = {{MuddyWater Operations in Lebanon and Oman}},
date = {2018-11-28},
organization = {ClearSky},
url = {https://www.clearskysec.com/muddywater-operations-in-lebanon-and-oman/},
language = {English},
urldate = {2019-07-09}
}
MuddyWater Operations in Lebanon and Oman
POWERSTATS |
2018-11 ⋅ ClearSky ⋅ ClearSky Cyber Security
@techreport{security:201811:muddywater:d68be0b,
author = {ClearSky Cyber Security},
title = {{MuddyWater Operations in Lebanon and Oman}},
date = {2018-11},
institution = {ClearSky},
url = {https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf},
language = {English},
urldate = {2020-01-08}
}
MuddyWater Operations in Lebanon and Oman
MuddyWater |
2018-10-10 ⋅ Kaspersky Labs ⋅ GReAT
@online{great:20181010:muddywater:12992b3,
author = {GReAT},
title = {{MuddyWater expands operations}},
date = {2018-10-10},
organization = {Kaspersky Labs},
url = {https://securelist.com/muddywater/88059/},
language = {English},
urldate = {2019-12-20}
}
MuddyWater expands operations
MuddyWater |
2018-06-14 ⋅ Trend Micro ⋅ Michael Villanueva, Martin Co
@online{villanueva:20180614:another:80ffc5f,
author = {Michael Villanueva and Martin Co},
title = {{Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor}},
date = {2018-06-14},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/another-potential-muddywater-campaign-uses-powershell-based-prb-backdoor/},
language = {English},
urldate = {2020-01-12}
}
Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor
MuddyWater |
2018-06-06 ⋅ ClearSky ⋅ ClearSky Cyber Security
@techreport{security:20180606:iranian:5347a63,
author = {ClearSky Cyber Security},
title = {{Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal}},
date = {2018-06-06},
institution = {ClearSky},
url = {https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf},
language = {English},
urldate = {2023-06-19}
}
Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal
POWERSTATS |
2018-05-08 ⋅ Security 0wnage ⋅ Mo Bustami
@online{bustami:20180508:clearing:fbf1a99,
author = {Mo Bustami},
title = {{Clearing the MuddyWater - Analysis of new MuddyWater Samples}},
date = {2018-05-08},
organization = {Security 0wnage},
url = {https://sec0wn.blogspot.com/2018/05/clearing-muddywater-analysis-of-new.html},
language = {English},
urldate = {2023-06-19}
}
Clearing the MuddyWater - Analysis of new MuddyWater Samples
POWERSTATS |
2018-03-22 ⋅ Sekoia ⋅ sekoia
@online{sekoia:20180322:falling:c04d81f,
author = {sekoia},
title = {{Falling on MuddyWater}},
date = {2018-03-22},
organization = {Sekoia},
url = {https://web.archive.org/web/20180807105755/https://www.sekoia.fr/blog/falling-on-muddywater/},
language = {English},
urldate = {2023-06-19}
}
Falling on MuddyWater
POWERSTATS |
2018-03-13 ⋅ FireEye ⋅ Sudeep Singh, Dileep Kumar Jallepalli, Yogesh Londhe, Ben Read
@online{singh:20180313:iranian:3542dc9,
author = {Sudeep Singh and Dileep Kumar Jallepalli and Yogesh Londhe and Ben Read},
title = {{Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign}},
date = {2018-03-13},
organization = {FireEye},
url = {https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html},
language = {English},
urldate = {2019-12-20}
}
Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
POWERSTATS MuddyWater |
2018-03-12 ⋅ Trend Micro ⋅ Jaromír Hořejší
@online{hoej:20180312:campaign:00eb661,
author = {Jaromír Hořejší},
title = {{Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia}},
date = {2018-03-12},
organization = {Trend Micro},
url = {https://blog.trendmicro.com/trendlabs-security-intelligence/campaign-possibly-connected-muddywater-surfaces-middle-east-central-asia/},
language = {English},
urldate = {2020-01-13}
}
Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
POWERSTATS MuddyWater |
2018-03-01 ⋅ Security 0wnage ⋅ Mo Bustami
@online{bustami:20180301:quick:0c82eea,
author = {Mo Bustami},
title = {{A Quick Dip into MuddyWater's Recent Activity}},
date = {2018-03-01},
organization = {Security 0wnage},
url = {https://sec0wn.blogspot.com/2018/03/a-quick-dip-into-muddywaters-recent.html},
language = {English},
urldate = {2023-06-19}
}
A Quick Dip into MuddyWater's Recent Activity
POWERSTATS |
2018-01-02 ⋅ Security 0wnage ⋅ Mo Bustami
@online{bustami:20180102:burping:c29dd52,
author = {Mo Bustami},
title = {{Burping on MuddyWater}},
date = {2018-01-02},
organization = {Security 0wnage},
url = {https://sec0wn.blogspot.com/2018/02/burping-on-muddywater.html},
language = {English},
urldate = {2023-06-19}
}
Burping on MuddyWater
POWERSTATS |
2017-11-22 ⋅ Reaqta ⋅ Reaqta
@online{reaqta:20171122:dive:5c67031,
author = {Reaqta},
title = {{A dive into MuddyWater APT targeting Middle-East}},
date = {2017-11-22},
organization = {Reaqta},
url = {https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/},
language = {English},
urldate = {2020-01-08}
}
A dive into MuddyWater APT targeting Middle-East
POWERSTATS |
2017-11-14 ⋅ Palo Alto Networks Unit 42 ⋅ Tom Lancaster
@online{lancaster:20171114:muddying:aa0467a,
author = {Tom Lancaster},
title = {{Muddying the Water: Targeted Attacks in the Middle East}},
date = {2017-11-14},
organization = {Palo Alto Networks Unit 42},
url = {https://unit42.paloaltonetworks.com/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/},
language = {English},
urldate = {2020-01-08}
}
Muddying the Water: Targeted Attacks in the Middle East
POWERSTATS MuddyWater |
2017-10-04 ⋅ Security 0wnage ⋅ Mo Bustami
@online{bustami:20171004:continued:0703924,
author = {Mo Bustami},
title = {{Continued Activity targeting the Middle East}},
date = {2017-10-04},
organization = {Security 0wnage},
url = {https://sec0wn.blogspot.com/2017/10/continued-activity-targeting-middle-east.html},
language = {English},
urldate = {2023-06-19}
}
Continued Activity targeting the Middle East
POWERSTATS |
2017-09-26 ⋅ Malwarebytes ⋅ Malwarebytes Labs
@online{labs:20170926:elaborate:bed9adc,
author = {Malwarebytes Labs},
title = {{Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity}},
date = {2017-09-26},
organization = {Malwarebytes},
url = {https://blog.malwarebytes.com/threat-analysis/2017/09/elaborate-scripting-fu-used-in-espionage-attack-against-saudi-arabia-government_entity/},
language = {English},
urldate = {2019-12-20}
}
Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity
POWERSTATS |