| SYMBOL | COMMON_NAME | aka. SYNONYMS |
The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including targets in India and the USA. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first stage backdoor we call “POWERSTATS”. Despite broad scrutiny and reports on MuddyWater attacks, the activity continues with only incremental changes to the tools and techniques.
| 2020-10-15 ⋅ ClearSky ⋅ Operation Quicksand: MuddyWater’s Offensive Attack Against Israeli Organizations PowGoop Covicli |
| 2020-09-04 ⋅ Palo Alto Networks Unit 42 ⋅ Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa PowGoop Hakbit |
| 2020-07-05 ⋅ paloalto LIVEcommunity ⋅ How to stop MortiAgent Malware using the snort rule? MoriAgent |
| 2020-06-17 ⋅ Twitter (@Timele9527) ⋅ Tweet on MoriAgent uesd by MuddyWater (incl YARA rule) MoriAgent |
| 2020-01-15 ⋅ Marco Ramilli's Blog ⋅ Iranian Threat Actors: Preliminary Analysis POWERSTATS |
| 2020-01-07 ⋅ Prevailion ⋅ Summer Mirage POWERSTATS |
| 2020 ⋅ Secureworks ⋅ COBALT ULSTER POWERSTATS Koadic MuddyWater |
| 2019-08-01 ⋅ Kaspersky Labs ⋅ APT trends report Q2 2019 ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy Microcin |
| 2019-06-10 ⋅ Trend Micro ⋅ New MuddyWater Activities Uncovered: Threat Actors Used Multi-Stage Backdoors, New Post-Exploitation Tools, Android Malware, and More Mudwater SHARPSTATS |
| 2019-06-10 ⋅ Trend Micro ⋅ MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools POWERSTATS |
| 2019-05-20 ⋅ Cisco ⋅ Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques MuddyWater |
| 2019-05-09 ⋅ ZDNet ⋅ New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web MuddyWater |
| 2019-04-15 ⋅ ClearSky ⋅ Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey POWERSTATS MuddyWater |
| 2019 ⋅ Council on Foreign Relations ⋅ MuddyWater MuddyWater |
| 2019 ⋅ MITRE ⋅ Group description: MuddyWater MuddyWater |
| 2018-12-10 ⋅ Symantec ⋅ Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms MuddyWater |
| 2018-11-28 ⋅ ClearSky ⋅ MuddyWater Operations in Lebanon and Oman POWERSTATS |
| 2018-11 ⋅ ClearSky ⋅ MuddyWater Operations in Lebanon and Oman MuddyWater |
| 2018-10-10 ⋅ Kaspersky Labs ⋅ MuddyWater expands operations MuddyWater |
| 2018-06-14 ⋅ Trend Micro ⋅ Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor MuddyWater |
| 2018-03-13 ⋅ FireEye ⋅ Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign POWERSTATS MuddyWater |
| 2018-03-12 ⋅ Trend Micro ⋅ Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia POWERSTATS MuddyWater |
| 2017-11-22 ⋅ Reaqta ⋅ A dive into MuddyWater APT targeting Middle-East POWERSTATS |
| 2017-11-14 ⋅ Palo Alto Networks Unit 42 ⋅ Muddying the Water: Targeted Attacks in the Middle East POWERSTATS MuddyWater |
| 2017-09-26 ⋅ Malwarebytes ⋅ Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity POWERSTATS |