SYMBOLCOMMON_NAMEaka. SYNONYMS
ps1.powgoop (Back to overview)

PowGoop

Actor(s): MuddyWater


DLL loader that decrypts and runs a powershell-based downloader.

References
2021-02-28PWC UKPWC UK
@techreport{uk:20210228:cyber:bd780cd, author = {PWC UK}, title = {{Cyber Threats 2020: A Year in Retrospect}}, date = {2021-02-28}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/pdf/pwc-cyber-threats-2020-a-year-in-retrospect.pdf}, language = {English}, urldate = {2021-03-04} } Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Ransomware Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Ransomware Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare
2020-10-21CyberScoopSean Lyngaas
@online{lyngaas:20201021:muddywater:00082e2, author = {Sean Lyngaas}, title = {{'MuddyWater' spies suspected in attacks against Middle East governments, telecoms}}, date = {2020-10-21}, organization = {CyberScoop}, url = {https://www.cyberscoop.com/muddywater-iran-symantec-middle-east/}, language = {English}, urldate = {2020-10-23} } 'MuddyWater' spies suspected in attacks against Middle East governments, telecoms
PowGoop
2020-10-21SymantecThreat Hunter Team
@online{team:20201021:seedworm:7df9e09, author = {Threat Hunter Team}, title = {{Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East}}, date = {2020-10-21}, organization = {Symantec}, url = {https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/seedworm-apt-iran-middle-east}, language = {English}, urldate = {2020-10-23} } Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East
PowGoop
2020-10-15ClearSkyClearSky
@techreport{clearsky:20201015:operation:dead010, author = {ClearSky}, title = {{Operation Quicksand: MuddyWater’s Offensive Attack Against Israeli Organizations}}, date = {2020-10-15}, institution = {ClearSky}, url = {https://www.clearskysec.com/wp-content/uploads/2020/10/Operation-Quicksand.pdf}, language = {English}, urldate = {2020-10-21} } Operation Quicksand: MuddyWater’s Offensive Attack Against Israeli Organizations
PowGoop Covicli
2020-09-04Palo Alto Networks Unit 42Robert Falcone
@online{falcone:20200904:thanos:b5eb551, author = {Robert Falcone}, title = {{Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa}}, date = {2020-09-04}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/thanos-ransomware/}, language = {English}, urldate = {2020-09-06} } Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
PowGoop Hakbit

There is no Yara-Signature yet.