Rewterz Threat Alert – MuddyWater – Active IOCs

Severity

High

Analysis Summary

APT Group MuddyWater has been resurfaced again. The group primarily has targeted Middle Eastern, European, and North American nations. The industries under target include telecommunications, government (IT services), and oil sectors. Most of the campaigns by MuddyWater are designed upon socially engineering their victims into enabling macros in order to infect the targeted workstation. Once macros were enabled, the threat actor-written code would attempt to obtain a trojan hosted on an adversarial payload command and control node.

Impact

• Credential theft
• Espionage

Indicators of Compromise

MD5

• 2ec61c8b7e57126025ebfdf2438418fc
• 64fc017a451ef273dcacdf6c099031f3
• 3c2a436c73eeb398cfc0923d9b08dcfe
• c67d578a14571e4f56430ce4bdc228f9
• fa6d5164772ba72dc3931dae8e09b488
• 71ffc9ebbb80f4e2f405034662dfd424
• 3c1b429685e5f1853a3cd955bd0acbd7
• 960594cbdf938bcb03bd0637843d9154
• e8e84ac1ae83a45c260df146e97cb1cb

SHA-256

• ccdddd1ebf3c5de2e68b4dcb8fbc7d4ed32e8f39f6fdf71ac022a7b4d0aa4131
• 0cd6f593cc58ba3ac40f9803d97a6162a308ec3caa53e1ea1ce7f977f2e667d3
• 79fd822627b72bd2fbe9eae43cf98c99c2ecaa5649b7a3a4cfdc3ef8f977f2e6
• 304ea86131c4d105d35ebbf2784d44ea24f0328fb483db29b7ad5ffe514454f8
• fb414beebfb9ecbc6cb9b35c1d2adc48102529d358c7a8997e903923f7eda1a2
• 3495b0a6508f1af0f95906efeba36148296dccd2ab8ffb4e569254b683584fea
• 70cab18770795ea23e15851fa49be03314dc081fc44cdf76e8f0c9b889515c1b
• 468e331fd3f9c41399e3e90f6fe033379ab69ced5e11b35665790d4a4b7cf254
• f664670044dbd967ff9a5d8d8f345be294053e0bae80886cc275f105d8e7a376
• 8bee2012e1f79d882ae635a82b65f88eaf053498a6b268c594b0d7d601b1212f
• 9b345d2d9f52cda989a0780acadf45350b423957fb7b7668b9193afca3e0cd27
• 5e2642f33115c3505bb1d83b137e7f2b18e141930975636e6230cdd4292990dd
• b2f429efdb1801892ec8a2bcdd00a44d6ee31df04721482a1927fc6df554cdcf
• 3e4e179a7a6718eedf36608bd7130b62a5a464ac301a211c3c8e37c7e4b0b32b

SHA1

• 5844344b5cf4c8d0d577f5506c8e5d4d680bd0d6
• 6aa8b4f4a6fd1b4f768b1ac6faaaddbaa302a585
• 8afe8c82901a1a07fb92d10457617f7eb16a4eea
• c4f00531020b8f7cc865fe26c6e31e358e666831
• cf8ad0da6dc45ae7ce87f792b1e60175cefc2b50
• dfe1f455adf8a98d94c7217acc763770ada4b4af
• 09a73164c70426372b431cba80510037eb42feb9
• f228e772a31b4fc160cb59cf5627224613f10941
• c58370b4114d4d493e141a66cd1484573ccf02b5

Remediation

• Block all threat indicators at your respective controls.
• Always be suspicious about emails sent by unknown senders.
• Never click on the links/attachments sent by unknown senders.