
Rewterz Threat Alert – Recent Wave of Muddy Water Attacks

November 22, 2019

Severity

High

Analysis Summary

During October and November, the Iranian attack group MuddyWater carried out new attacks against several targets in the Middle East, mostly in Iraq. The group has previously been active in Israel and is known for infecting targets with malicious DOC files delivered through social engineering. In this attack wave, we identified for the first time malware designed to attack targets in Iran by impersonating the international Iranian shipping company Azim Tarabar. It is therefore possible that the group also engages in internal espionage alongside its ongoing activity across the Middle East. The group began preparing the infrastructure for this campaign on August 19. That infrastructure is built on hacked servers that were previously used to host code for the POWERSTATS malware, as well as newly hacked servers, such as one belonging to the Saudi firm KSA Hosting. As in its earlier activity, the group almost always compromises these servers by getting into WordPress-based open directories, where it plants its malware code.

Impact

Exposure of sensitive information

Indicators of Compromise

URL

  • http[:]//graphixo[.]net/wp-includes/utf8[.]php
  • http[:]//ksahosting[.]net/wp-includes/utf8[.]php
  • http[:]//assignmenthelptoday[.]com/wp-includes/utf8[.]php
  • https[:]//assignmenthelptoday[.]com/wp-includes/utf8[.]php
  • https[:]//annapolisfirstlimo[.]com/editob[.]nvd

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
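One way to act on the first remediation item is to sweep web proxy logs for requests to the advisory's URL indicators. The following is an added example, not part of the Rewterz advisory: it refangs the defanged URLs above, normalises them to host and path so that scheme, case and query-string differences do not hide a hit, and matches them against Squid-style access log lines. The log lines are constructed sample data; the regex assumes Squid's native log format.

```python
import re
from urllib.parse import urlsplit

# Defanged URL indicators exactly as published in the advisory.
ADVISORY_URLS = [
    "http[:]//graphixo[.]net/wp-includes/utf8[.]php",
    "http[:]//ksahosting[.]net/wp-includes/utf8[.]php",
    "http[:]//assignmenthelptoday[.]com/wp-includes/utf8[.]php",
    "https[:]//assignmenthelptoday[.]com/wp-includes/utf8[.]php",
    "https[:]//annapolisfirstlimo[.]com/editob[.]nvd",
]

def refang(indicator: str) -> str:
    """Turn a defanged indicator ("[.]", "[:]", "hxxp") back into a real URL."""
    return (indicator.replace("[.]", ".").replace("[:]", ":")
            .replace("hxxps://", "https://").replace("hxxp://", "http://"))

def indicator_set(indicators):
    """Normalise IoCs to (host, path) pairs; http/https variants collapse into one."""
    pairs = set()
    for ioc in indicators:
        parts = urlsplit(refang(ioc))
        pairs.add((parts.hostname.lower(), parts.path))
    return pairs

# Squid native format (assumed): "<ts> <ms> <client> <code/status> <bytes> <method> <url> ..."
LOG_RE = re.compile(r"^\S+\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)")

def find_hits(log_lines, indicators=ADVISORY_URLS):
    """Return (client, url) for each request whose host and path match an indicator."""
    wanted = indicator_set(indicators)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-access line
        parts = urlsplit(m.group("url"))
        if not parts.hostname:
            continue  # e.g. CONNECT host:port entries carry no scheme/path
        if (parts.hostname.lower(), parts.path) in wanted:
            hits.append((m.group("client"), m.group("url")))
    return hits

# Constructed sample log lines (not from the advisory); two should match.
SAMPLE_LOG = [
    "1574400000.123    245 10.0.0.7 TCP_MISS/200 5120 GET http://ksahosting.net/wp-includes/utf8.php - HIER_DIRECT/203.0.113.5 text/html",
    "1574400010.456    120 10.0.0.9 TCP_MISS/200 2048 GET https://AssignmentHelpToday.com/wp-includes/utf8.php?id=3 - HIER_DIRECT/203.0.113.6 text/html",
    "1574400020.789     80 10.0.0.7 TCP_HIT/200 1024 GET http://www.example.com/wp-includes/utf8.php - NONE/- text/html",
    "1574400030.001    900 10.0.0.7 TCP_TUNNEL/200 6000 CONNECT ksahosting.net:443 - HIER_DIRECT/203.0.113.5 -",
    "not an access log line",
]

if __name__ == "__main__":
    for client, url in find_hits(SAMPLE_LOG):
        print(f"IoC hit: {client} requested {url}")
```

The third sample line shares the `/wp-includes/utf8.php` path but not the host, so it is deliberately not reported; matching on host and path keeps false positives from unrelated WordPress sites out of the alert stream.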