Dark Web Profile: MuddyWater APT Group - SOCRadar
Tags
cmtmf-attack-pattern: Acquire Infrastructure Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Masquerading Obfuscated Files Or Information Obtain Capabilities Scheduled Task/Job System Network Connections Discovery
country: United Arab Emirates Azerbaijan Bahrain Iran Iraq Pakistan Israel Saudi Arabia Turkey
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Data Reputational Harm Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Acquire Infrastructure - T1583 Software Discovery - T1418 Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Archive Via Utility - T1560.001 Bidirectional Communication - T1102.002 Bidirectional Communication - T1481.002 Boot Or Logon Autostart Execution - T1547 Bypass User Account Control - T1548.002 Cached Domain Credentials - T1003.005 Cmstp - T1218.003 Command And Scripting Interpreter - T1623 Compile After Delivery - T1027.004 Compile After Delivery - T1500 Component Object Model - T1559.001 Credentials - T1589.001 Credentials From Password Stores - T1555 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Credentials In Files - T1552.001 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Dns - T1071.004 Dns - T1590.002 Domain Account - T1087.002 Domain Account - T1136.002 Dynamic Data Exchange - T1559.002 Email Addresses - T1589.002 Execution Guardrails - T1480 Execution Guardrails - T1627 Exfiltration Over C2 Channel - T1646 Exploitation For Client Execution - T1658 Exploits - T1587.004 Exploits - T1588.005 External Proxy - T1090.002 File And Directory Discovery - T1420 Gather Victim Identity Information - T1589 Impair Defenses - T1562 Impair Defenses - T1629 Ingress Tool Transfer - T1544 Inter-Process Communication - T1559 Javascript - T1059.007 System Network Configuration Discovery - T1422 System Network Connections Discovery - T1421 Lsa Secrets - T1003.004 Lsass Memory - T1003.001 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Match Legitimate Name Or Location - T1655.001 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information Discovery - T1426 Mshta - T1218.005 Non-Standard Encoding - T1132.002 Obtain Capabilities - T1588 Office Template Macros - T1137.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Registry Run Keys / Startup Folder - T1547.001 Remote Access Software - T1663 Rundll32 - T1218.011 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Screen Capture - T1513 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Software - T1592.002 Software Discovery - T1518 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Spearphishing Link - T1566.002 Spearphishing Link - T1598.003 Standard Encoding - T1132.001 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Windows Command Shell - T1059.003 Visual Basic - T1059.005 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Service - T1481 Web Shell - T1505.003 Unsecured Credentials - T1552 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Vulnerabilities - T1588.006 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Bypass User Account Control - T1088 Cmstp - T1191 Command-Line Interface - T1059 Connection Proxy - T1090 Credential Dumping - T1003 Credentials In Files - T1081 Data Encoding - T1132 Deobfuscate/Decode Files Or Information - T1140 Dynamic Data Exchange - T1173 Exfiltration Over Command And Control Channel - T1041 Exploitation For Client Execution - T1203 File And Directory Discovery - T1083 Remote File Copy - T1105 Masquerading - T1036 Mshta - T1170 Multi-Stage Channels - T1104 Obfuscated Files Or Information - T1027 Office Application Startup - T1137 Powershell - T1086 Process Discovery - T1057 Registry Run Keys / Start Folder - T1060 Remote Access Tools - T1219 Rundll32 - T1085 Scheduled Task - T1053 Screen Capture - T1113 Security Software Discovery - T1063 Signed Binary Proxy Execution - T1218 Spearphishing Attachment - T1193 Spearphishing Link - T1192 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Network Connections Discovery - T1049 System Owner/User Discovery - T1033 Windows Management Instrumentation - T1047 Web Shell - T1100 Web Service - T1102 User Execution - T1204 Masquerading Screen Capture Spearphishing Attachment User Execution
Common Information
Type Value
UUID 9dd39153-36f8-4b0d-ac30-bd8752ed8f84
Fingerprint b90485f0e6bca5c1
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 2, 2023, 10:09 a.m.
Added to db Jan. 2, 2023, 12:14 p.m.
Last updated Nov. 14, 2024, 8:09 a.m.
Headline Dark Web Profile: MuddyWater APT Group
Title Dark Web Profile: MuddyWater APT Group - SOCRadar
Detected Hints/Tags/Attributes 190/4/47
RSS Feed
Id Enabled Feed title Url Added to db
238 SOCRadar® Cyber Intelligence Inc. https://socradar.io/feed/ 2024-08-30 22:08
Attributes
Type #Events CTI Value
md5 1 a27655d14b0aabec8db70ae08a623317
md5 1 cec48bcdedebc962ce45b63e201c0624
md5 1 860f5c2345e8f5c268c9746337ade8b7
md5 5 15fa3b32539d7453a9a85958b77d4c95
md5 5 5763530f25ed0ec08fb26a30c04009f1
md5 1 b0ab12a5a4c232c902cdeba421872c37
md5 1 6cef87a6ffb254bfeb61372d24e1970a
md5 1 0431445d6d6e5802c207c8bc6a6402ea
md5 1 f5dee1f9cd47dc7bae468da9732c862e
md5 1 e75443a5e825f69c75380b6dc76c6b50
sha1 4 7649c554e87f6ea21ba86bb26ea39521d5d18151
sha1 1 81f46998c92427032378e5dead48bdfc9128b225
sha1 1 6c55d3acdc2d8d331f0d13024f736bc28ef5a7e1
sha1 4 11d594f3b3cf8525682f6214acb7b7782056d282
sha1 4 2a6ddf89a8366a262b56a251b00aafaed5321992
sha1 1 a8e7659942cc19f422678181ee23297efa55fa09
sha1 1 e21d95b648944ad2287c6bc01fcc12b05530e455
sha1 1 3765c1ad8a1d936aad88255aef5d6d4ce24f94e8
sha1 1 5273ee897e67fc01ee5fef08c37400cb4ee15958
sha1 1 142b5753c608c65e702e41b52abdeb96cb2f9294
sha256 5 2c92da2721466bfbdaff7fedd9f3e8334b688a88ee54d7cab491e1a9df41258f
sha256 2 dd7ee54b12a55bcc67da4ceaed6e636b7bd30d4db6f6c594e9510e1e605ade92
sha256 2 9d50fcb2c4df4c502db0cac84bef96c2a36d33ef98c454165808ecace4dd2051
sha256 4 b75208393fa17c0bcbc1a07857686b8c0d7e0471d00a167a07fd0d52e1fc9054
sha256 4 bf090cf7078414c9e157da7002ca727f06053b39fa4e377f9a0050f2af37d3a2
sha256 3 026868713d60e6790f41dc7046deb4e6795825faa903113d2f22b644f0d21141
sha256 3 4b2862a1665a62706f88304406b071a5c9a6b3093daadc073e174ac6d493f26c
sha256 2 3098dd53da40947a82e59265a47059e69b2925bc49c679e6555d102d1c6cbbc8
sha256 1 6f8226d890350943a9ef4cc81598e0e953d8ba9746694c0b7e3d99e418701b39
sha256 1 c514c3f293f0cb4c23662a5ab962b158cb97580b03a22b82e21fa3b26d64809c
IPv4 8 104.208.16.94
IPv4 5 20.42.65.92
IPv4 6 20.42.73.29
IPv4 7 20.189.173.20
IPv4 2 20.189.173.21
IPv4 6 13.107.4.50
IPv4 11 149.154.167.220
IPv4 5 192.168.0.15
IPv4 11 23.216.147.64
IPv4 8 23.216.147.76
IPv4 142 192.168.0.1
IPv4 3 192.168.0.25
IPv4 3 20.99.132.105
IPv4 7 209.197.3.8
IPv4 5 88.119.170.124
IPv4 6 5.199.133.149
Mandiant Uncategorized Groups 3 UNC3313