MAR–10369127–1.v1 – MuddyWater | CISA
Common Information
Type Value
UUID c6631b2d-cda0-4ab5-ba22-46ff9c9b67a7
Fingerprint dfcdeb86446b034e
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 24, 2022, midnight
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 9:42 p.m.
Headline Malware Analysis Report (AR22-055A)
Title MAR–10369127–1.v1 – MuddyWater | CISA
Detected Hints/Tags/Attributes 80/3/63
Attributes
Details Type #Events CTI Value
Details Domain 469 www.cisa.gov
Details Domain 12 whois.ripe.net
Details Domain 52 whois.arin.net
Details Domain 1 bacloud.info
Details Domain 1 servdiscount-customer.com
Details Domain 154 us-cert.cisa.gov
Details Domain 84 malware.us-cert.gov
Details Domain 84 ftp.malware.us-cert.gov
Details Email 84 submit@malware.us-cert.gov
Details File 3 terms.xls
Details File 28 goopdate.dll
Details File 3 goopdate.dat
Details File 1 teresitajordain_config.txt
Details File 3 fml.dll
Details File 1 rj.js
Details File 1 zaibcb15ak.xls
Details File 1 config2.txt
Details File 1 dore.dat
Details File 35 config.txt
Details File 3 libpcre2-8-0.dll
Details File 1 anthehannah_config.txt
Details File 1 note.js
Details File 1 core.dat
Details File 69 vcruntime140.dll
Details File 1 heidieleone.txt
Details File 105 googleupdate.exe
Details File 1018 rundll32.exe
Details File 1205 index.php
Details File 459 regsvr32.exe
Details File 1 bacloud.inf
Details Url 43 http://www.cisa.gov/tlp.
Details Url 53 https://us-cert.cisa.gov/forms/feedback
Details Url 84 https://malware.us-cert.gov