• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Gootkit Trojan Active- IOCs
June 8, 2021
Rewterz Threat Alert – Remcos RAT – Active IOCs
June 8, 2021

Rewterz Threat Alert – MuddyWater – Active IOCs

June 8, 2021

Severity

High

Analysis Summary

The Iranian cyber criminal group MuddyWater has resurfaced. The group primarily has targeted Middle Eastern, European and North American nations. The industries under target include telecommunications, government (IT services), and oil sectors. Most of the campaigns by MuddyWater are designed upon socially engineering their victims into enabling macros in order to 
infect the targeted workstation. Once macros were enabled, the threat actor-written code would attempt to obtain a trojan hosted on an adversarial payload command and control node.

Impact

  • Credential theft
  • Exposure of sensitive information

Indicators of Compromise

MD5

  • c62dd58a23e06db9bfaa24a62cda7219
  • d83dc19ab53dedc600a99dd18d29d523
  • 685fa4ad009f9679b5d30506d697d713
  • 06455cb0dca28fa9b394280bad2e935e

SHA-256

  • 7f8c2c5434b43f842cae66a1ec92eac74c345d3d517522b416e38064c71d01ad
  • 377d1eb3cd7b6a0c2d078829dd36c7fd148c58db8bc78ab9cb17f43961133bff
  • db07437bd2ff157572bc8c84bfda0b472591362f2bfc05aaa883fad091edcea8
  • 0c93f7263a2e7d0aa1e19d7481a9539115f999cae29230383a882c403fd0f4b4

SHA1

  • 87b0af0cac866112339c024fd91a021af7833b8e
  • 95ad10852901fb6b0b3a010fd0d69a3c2ca2ba5b
  • 6820c167d6183d4c79c691968c7480eec0b4bbeb
  • 22fd5029705c6c786ea51f7d7d7e42af1456be5d

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.