Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater”
Tags
country: | Israel |
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Credentials - T1589.001, Phishing - T1660, Phishing - T1566, Powershell - T1059.001, Ssh - T1021.004, Tool - T1588.002, Credential Dumping - T1003, Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | c8d0f7ff-6340-4067-8a64-10a1808306c9 |
Fingerprint | 20f94557a305e52c |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Nov. 20, 2024, 5:12 p.m. |
Added to db | Nov. 20, 2024, 6:29 p.m. |
Last updated | Dec. 21, 2024, 3:36 a.m. |
Headline | Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater” |
Title | Sophos MDR blocks and tracks activity from probable Iranian state actor “MuddyWater” |
Detected Hints/Tags/Attributes | 26/3/12 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 183 | ✔ | Sophos News | https://news.sophos.com/feed/ | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Url | 2 | | https://downloads.level.io/install_windows.exe |
Details | Windows Registry Key | 39 | | HKLM\SYSTEM |
Details | Domain | 11 | | ws.onehub.com |
Details | Domain | 3 | | ltd.zip |
Details | Domain | 4 | | systembkup.hiv |
Details | Domain | 3 | | downloads.level.io |
Details | File | 3 | | ltd.zip |
Details | File | 12 | | a.ps1 |
Details | File | 3 | | c:\\windows\\system32\\reg.exe |
Details | File | 2 | | install_windows.exe |
Details | IPv4 | 2 | | 51.16.209.105 |
Details | Url | 1 | | https://ws.onehub.com/files |