On February 24th, 2022, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom's National Cyber Security Centre (NCSC-UK) issued a joint alert on the Iranian state-sponsored Advanced Persistent Threat (APT) group MuddyWater and its recent cyber-espionage operations [1]. Picus Labs has added attack simulations for the new MuddyWater operations to the Picus Threat Library. In this blog, we explain the new MuddyWater malware types in detail.
MuddyWater Cyber-Espionage Group
MuddyWater is a cyber-espionage group that targets organizations in the telecommunications, defense, local government, oil, and natural gas sectors worldwide. According to U.S. Cyber Command, MuddyWater operates under the Iranian Ministry of Intelligence and Security (MOIS) and provides confidential information to the Iranian government [2]. In addition to espionage, the group also conducts ransomware attacks. MuddyWater is also tracked as Static Kitten, Earth Vetala, MERCURY, Seedworm, and TEMP.Zagros, and has been known to be active since 2017.
Recently, MuddyWater has been observed to use various malware variants of PowGoop, Small Sieve, Canopy (also known as Starwhale), Mori, and POWERSTATS.
Malware Used by MuddyWater
1. PowGoop DLL Loader
PowGoop is a malicious DLL loader that disguises itself as the legitimate Google Update executable. PowGoop consists of three components:
- An executable named GoogleUpdate.exe that is paired with a malicious Goopdate.dll; the DLL is loaded through DLL side-loading.
- A PowerShell script named goopdate.dat that decrypts and runs another PowerShell script called config.txt.
- config.txt itself, a PowerShell script that contains a beacon. The deployed beacon communicates with MuddyWater's C2 server and downloads additional payloads to the target system under the guise of the Google Update service.
👉 Check out our blog post on PowGoop for more information.
2. Small Sieve Backdoor
Small Sieve is a backdoor written in Python. It communicates with the MuddyWater C2 server over an encrypted channel built on the Telegram Bot API, which helps it evade detection. Small Sieve is distributed as a Nullsoft Scriptable Install System (NSIS) installer named gram_app.exe. Once executed, it drops a Python backdoor called index.exe that can download files and execute commands on the infected system. It also establishes persistence by adding a new registry Run key value named OutlookMicrosift; the misspelling is intentional, so that the entry looks legitimate at a glance.
3. Canopy (Starwhale)
Canopy is spyware that collects the victim's username, computer name, and IP address and sends them to the MuddyWater group. Canopy is also known as Starwhale. It is distributed via spearphishing emails carrying an Excel attachment named 'Cooperation term.xls'. The Excel file contains malicious Visual Basic for Applications (VBA) and Windows Script File (WSF) scripts that establish persistence and exfiltrate user data in an encoded form over an HTTP POST request.
4. Mori
Mori is another backdoor used by the MuddyWater APT group. It uses DNS tunneling to exfiltrate the victim's data to MuddyWater's C2 servers. Mori is delivered as a malicious DLL file named FML.dll that is padded with junk data to evade detection.
5. POWERSTATS
POWERSTATS is a PowerShell-based backdoor that MuddyWater uses to collect confidential information from the victim. It is also known as the Powermud backdoor and is considered MuddyWater's signature malware. POWERSTATS steals saved passwords in order to access the victim's email and social media accounts and collect sensitive data from them.
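As an added example (not code from this post, the Picus platform, or any tool named here), the Python below turns the behaviours described above into detection rules over Sysmon-style endpoint events. It assumes Sysmon field names (EventID 3 network connection, 7 image load, 11 file create, 13 registry value set, 22 DNS query), that the legitimate Google Update directory is C:\Program Files (x86)\Google\Update\, that the Telegram Bot API is reached at api.telegram.org, and a 60-character DNS query length as a tunnelling heuristic; the sample events are constructed.

```python
from typing import Dict, List, Optional

# Assumptions (not from the post): Sysmon-style field names, the legitimate
# Google Update directory, the Telegram Bot API host and the DNS length heuristic.
Event = Dict[str, object]
GOOGLE_UPDATE_DIR = "c:\\program files (x86)\\google\\update\\"
TELEGRAM_API = "api.telegram.org"
TELEGRAM_CLIENTS = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
DNS_LEN_THRESHOLD = 60

def _f(ev: Event, key: str) -> str:  # lower-cased field value, "" if absent
    return str(ev.get(key, "")).lower()

def powgoop_sideload(ev: Event) -> Optional[str]:
    """PowGoop: GoogleUpdate.exe loading Goopdate.dll from anywhere outside the
    real Google Update install path (DLL side-loading, T1574.002)."""
    dll = _f(ev, "ImageLoaded")
    if ev.get("EventID") == 7 and _f(ev, "Image").endswith("\\googleupdate.exe") \
            and dll.endswith("\\goopdate.dll") and not dll.startswith(GOOGLE_UPDATE_DIR):
        return f"PowGoop side-load: {ev['ImageLoaded']}"
    return None

def small_sieve(ev: Event) -> Optional[str]:
    """Small Sieve: the misspelt OutlookMicrosift Run key (T1547.001), or a
    non-browser process reaching the Telegram Bot API (T1102.002)."""
    if ev.get("EventID") == 13 and _f(ev, "TargetObject").endswith("\\run\\outlookmicrosift"):
        return f"Small Sieve persistence: {ev['TargetObject']}"
    if ev.get("EventID") == 3 and _f(ev, "DestinationHostname") == TELEGRAM_API:
        exe = _f(ev, "Image").rsplit("\\", 1)[-1]
        if exe not in TELEGRAM_CLIENTS:
            return f"Small Sieve C2 candidate: {exe} -> {TELEGRAM_API}"
    return None

def canopy_dropper(ev: Event) -> Optional[str]:
    """Canopy/Starwhale: Excel writing a Windows Script File after the
    'Cooperation term.xls' lure runs its VBA (T1059.005 / T1059.007)."""
    if ev.get("EventID") == 11 and _f(ev, "Image").endswith("\\excel.exe") \
            and _f(ev, "TargetFilename").endswith(".wsf"):
        return f"Canopy dropper: EXCEL wrote {ev['TargetFilename']}"
    return None

def mori_dns_tunnel(ev: Event) -> Optional[str]:
    """Mori: DNS tunnelling surfaces as abnormally long query names (T1572)."""
    name = _f(ev, "QueryName")
    if ev.get("EventID") == 22 and len(name) > DNS_LEN_THRESHOLD:
        return f"Possible DNS tunnelling: {len(name)}-char query by {ev['Image']}"
    return None

RULES = (powgoop_sideload, small_sieve, canopy_dropper, mori_dns_tunnel)

def scan(events: List[Event]) -> List[str]:
    """Apply every rule to every event; return the alerts in event order."""
    return [hit for ev in events for rule in RULES if (hit := rule(ev))]

# Constructed sample telemetry (not real indicators): four malicious, two benign.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 7, "Image": "C:\\Users\\bob\\AppData\\Roaming\\GoogleUpdate.exe",
     "ImageLoaded": "C:\\Users\\bob\\AppData\\Roaming\\Goopdate.dll"},
    {"EventID": 7, "Image": "C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe",
     "ImageLoaded": "C:\\Program Files (x86)\\Google\\Update\\1.3.36.1\\goopdate.dll"},
    {"EventID": 13, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\index.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OutlookMicrosift"},
    {"EventID": 3, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\index.exe",
     "DestinationHostname": "api.telegram.org"},
    {"EventID": 11, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
     "TargetFilename": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.wsf"},
    {"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "QueryName": "www.example.com"},
]
```

Running `scan(SAMPLE_EVENTS)` yields four alerts; the goopdate.dll loaded from the real Google Update directory and the ordinary browser DNS query produce none.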
How Does Picus Help Simulate MuddyWater Cyber Attacks?
Using the Picus Continuous Security Validation Platform, you can test your security controls against MuddyWater attacks. We advise you to simulate these attacks and determine whether your security controls prevent them. The Picus Threat Library includes the following threats for simulating MuddyWater activity.
| Threat Name |
| --- |
| Backdoor Malware used by Muddywater .EXE File Download (3 variants) |
| Canopy Malware Dropper used by Muddywater .XLS File Download (1 variant) |
| Canopy Malware used by Muddywater .WSF File Download (3 variants) |
| Delphstats Backdoor Malware used by MuddyWater .EXE File Download (1 variant) |
| Earth Vetala - MuddyWater Dropper .PDF File Download (1 variant) |
| Earth Vetala - MuddyWater Dropper .RTF File Download (1 variant) |
| Earth Vetala - MuddyWater PassDump Infostealer .DLL File Download (1 variant) |
| MuddyWater Exploit Document Malware .DOC File Download (1 variant) |
| Lazagne Credential Dumper used by MuddyWater .EXE File Download (1 variant) |
| MuddyWater Macro-Embedded Document Trojan .DOC File Download (7 variants) |
| Malware Downloader used by Muddywater .DOC File Download (3 variants) |
| Malware Downloader used by Muddywater .XLS File Download (3 variants) |
| Mori backdoor used by Muddywater .DLL File Download (1 variant) |
| MuddyWater APT Scenario |
| MuddyWater Malware Dropper .DOC File Download (21 variants) |
| MuddyWater Valyria Trojan .DOC File Download (1 variant) |
| Powermud Backdoor used by MuddyWater .EXE File Download (9 variants) |
| PowerShell Based Backdoor used by MuddyWater .DLL File Download (4 variants) |
| PowerShell Based Backdoor used by MuddyWater .DOC File Download (2 variants) |
| Powerstats Backdoor Dropper Used by MuddyWater .VBS File Download (1 variant) |
| Powerstats Backdoor Malware Used by MuddyWater .EXE File Download (4 variants) |
| Powerstats Backdoor Malware Used by MuddyWater .PS1 File Download (1 variant) |
| PowGoop Loader used by MuddyWater .DAT File Download (2 variants) |
| PowGoop Loader used by MuddyWater .DLL File Download (2 variants) |
| Quicksand - Covicli Backdoor used by Muddywater .DLL File Download (1 variant) |
| Quicksand - Dropper used by Muddywater .ASPX File Download (1 variant) |
| Quicksand - Malware Downloader used by Muddywater .PS1 File Download (1 variant) |
| Quicksand - PowGoop Loader used by Muddywater .DLL File Download (1 variant) |
| Quicksand - SSF.MX Backdoor used by Muddywater .EXE File Download (1 variant) |
| Sharpstats Backdoor Malware used by MuddyWater .PS1 File Download (4 variants) |
| Small Sieve Backdoor used by Muddywater .EXE File Download (2 variants) |
| MuddyWater Trojan Downloader .JS File Download (2 variants) |
MITRE ATT&CK Techniques Used by the MuddyWater APT Group
Reconnaissance
- T1589.002 Gather Victim Identity Information: Email Addresses
Resource Development
- T1583.006 Acquire Infrastructure: Web Services
- T1588.002 Obtain Capabilities: Tool
Initial Access
- T1566.001 Phishing: Spearphishing Attachment
- T1566.002 Phishing: Spearphishing Link
Execution
- T1047 Windows Management Instrumentation
- T1059.001 Command and Scripting Interpreter: PowerShell
- T1059.003 Command and Scripting Interpreter: Windows Command Shell
- T1059.005 Command and Scripting Interpreter: Visual Basic
- T1059.006 Command and Scripting Interpreter: Python
- T1059.007 Command and Scripting Interpreter: JavaScript
- T1203 Exploitation for Client Execution
- T1204.001 User Execution: Malicious Link
- T1204.002 User Execution: Malicious File
- T1559.001 Inter-Process Communication: Component Object Model
- T1559.002 Inter-Process Communication: Dynamic Data Exchange
Persistence
- T1053.005 Scheduled Task/Job: Scheduled Task
- T1137.001 Office Application Startup: Office Template Macros
- T1543.003 Create or Modify System Process: Windows Service
- T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
- T1547.005 Boot or Logon Autostart Execution: Security Support Provider
Privilege Escalation
- T1134 Access Token Manipulation
- T1548.002 Abuse Elevation Control Mechanism: Bypass User Account Control
- T1555 Credentials from Password Stores
- T1555.003 Credentials from Password Stores: Credentials from Web Browsers
Defense Evasion
- T1027 Obfuscated Files or Information
- T1027.003 Obfuscated Files or Information: Steganography
- T1027.004 Obfuscated Files or Information: Compile After Delivery
- T1027.005 Obfuscated Files or Information: Indicator Removal from Tools
- T1036.005 Masquerading: Match Legitimate Name or Location
- T1055.001 Process Injection: Dynamic-link Library Injection
- T1055.002 Process Injection: Portable Executable Injection
- T1140 Deobfuscate/Decode Files or Information
- T1218.003 Signed Binary Proxy Execution: CMSTP
- T1218.005 Signed Binary Proxy Execution: Mshta
- T1218.011 Signed Binary Proxy Execution: Rundll32
- T1480 Execution Guardrails
- T1562.001 Impair Defenses: Disable or Modify Tools
- T1574.001 Hijack Execution Flow: DLL Search Order Hijacking
- T1574.002 Hijack Execution Flow: DLL Side-Loading
- T1574.007 Hijack Execution Flow: Path Interception by PATH Environment Variable
- T1574.008 Hijack Execution Flow: Path Interception by Search Order Hijacking
- T1574.009 Hijack Execution Flow: Path Interception by Unquoted Path
Credential Access
- T1003.001 OS Credential Dumping: LSASS Memory
- T1003.004 OS Credential Dumping: LSA Secrets
- T1003.005 OS Credential Dumping: Cached Domain Credentials
- T1552.001 Unsecured Credentials: Credentials In Files
- T1552.002 Unsecured Credentials: Credentials in Registry
- T1552.006 Unsecured Credentials: Group Policy Preferences
- T1558.003 Steal or Forge Kerberos Tickets: Kerberoasting
Discovery
- T1005 Data from Local System
- T1012 Query Registry
- T1016 System Network Configuration Discovery
- T1033 System Owner/User Discovery
- T1049 System Network Connections Discovery
- T1057 Process Discovery
- T1082 System Information Discovery
- T1083 File and Directory Discovery
- T1087.002 Account Discovery: Domain Account
- T1482 Domain Trust Discovery
- T1518 Software Discovery
- T1518.001 Software Discovery: Security Software Discovery
Collection
- T1056.001 Input Capture: Keylogging
- T1113 Screen Capture
- T1123 Audio Capture
- T1560.001 Archive Collected Data: Archive via Utility
Command and Control
- T1071.001 Application Layer Protocol: Web Protocols
- T1090.002 Proxy: External Proxy
- T1102.002 Web Service: Bidirectional Communication
- T1104 Multi-Stage Channels
- T1105 Ingress Tool Transfer
- T1132.001 Data Encoding: Standard Encoding
- T1132.002 Data Encoding: Non-Standard Encoding
- T1219 Remote Access Software
- T1572 Protocol Tunneling
Exfiltration
- T1041 Exfiltration Over C2 Channel
Indicators of Compromise (IOCs)
References
[1] “Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks.” [Online]. Available: https://www.cisa.gov/uscert/ncas/alerts/aa22-055a.
[2] “Iranian intel cyber suite of malware uses open source tools,” U.S. Cyber Command, Jan. 12, 2022. [Online]. Available: https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/.