• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Xpert RAT – Active IOCs
June 13, 2022
Rewterz Threat Alert – AveMaria RAT – Active IOCs
June 13, 2022

Rewterz Threat Alert – MuddyWater APT – Active IOCs

June 13, 2022

Severity

High

Analysis Summary

APT MuddyWater – an Iran-based APT – has been operating since at least 2017. This APT group utilizes the common but efficient infection vector, spear-phishing, to perform their tasks. It has mostly targeted countries in the Middle East but also affected countries in Europe and North America. The majority of the group’s victims are in the telecoms, government (IT services), and oil industries. This group’s activity was formerly related to FIN7, however, it is now regarded to be a separate entity driven by espionage. 

MuddyWater’s majority of attacks are based on social engineering. It lures its victims into activating macros so that would infect the targeted workstation. Once macros were turned on, the threat actor’s code would try to download a trojan from an adversarial payload command and control node.

According to U.S. and U.K. federal agencies, MuddyWater is conducting cyber espionage and other malicious cyber operations as part of Iran’s Ministry of Intelligence and Security (MOIS), targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America. 

Impact

  • Credential Theft
  • Exposure of Sensitive Information

Indicators of Compromise

MD5

  • f48541dd1c299692131a32e10bac8275
  • 3d2eede88cd6f66cda7a78e542cfd119

SHA-256

  • c75d2a9146bb0af796c809919539298d908532536c4f500ce4d81abf94ccec70
  • 0d11945937bdc5b0e7f11d53ad462ceaf34046d42f24932fefa1168e9fe5ac9f

SHA-1

  • 2e7e77bb98976741e9ba764f897de6f2613d9531
  • 37728fafc4b2e9c5e9c13290e33c6ad5b3d8e5c3

Remediation

  • Logging – Log your eCommerce environment’s network activity and web server activity.
  • Passwords – Implement strong passwords.
  • Admin Access – limit access to administrative accounts and portals to only relevant personnel and make sure they are
  • not publicly accessible.
  • WAF – Set up a Web Application Firewall with rules to block suspicious and malicious requests.
  • Patch – Patch and upgrade any platforms and software timely. Prioritize patching known exploited vulnerabilities.
  • 2FA – Enable two-factor authentication.
  • Antivirus – Enable antivirus and anti-malware software and update signature definitions in a timely manner.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.