gptkbp:instanceOf | cyber threat group
gptkbp:activeYearsStart | 2017
gptkbp:alsoKnownAs | gptkb:MuddyWater
gptkbp:associatedWith | gptkb:Iranian_Ministry_of_Intelligence_and_Security
gptkbp:attributedTo | publicly attributed by UK NCSC, publicly attributed by US Cyber Command
gptkbp:countryOfOrigin | gptkb:Iran
https://www.w3.org/2000/01/rdf-schema#label | APT49
gptkbp:industry | gptkb:energy, gptkb:government, defense, telecommunications, academia
gptkbp:infrastructure | cloud services, compromised servers, legitimate web services
gptkbp:majorCity | gptkb:India, gptkb:Israel, gptkb:Pakistan, gptkb:Saudi_Arabia, gptkb:Turkey, gptkb:United_States
gptkbp:motive | gptkb:intelligence_gathering, espionage, regional influence
gptkbp:notableEvent | attacks on Middle Eastern government entities, attacks on energy sector organizations, attacks on telecommunications providers
gptkbp:reportsTo | gptkb:Microsoft, gptkb:Palo_Alto_Networks, gptkb:FireEye, gptkb:US_Cybersecurity_and_Infrastructure_Security_Agency_(CISA), UK National Cyber Security Centre (NCSC)
gptkbp:technique | PowerShell scripts, credential harvesting, living off the land, spear phishing, remote access trojans
gptkbp:usesMalware | gptkb:BlackWater, gptkb:MuddyC3, gptkb:MuddyWater_RAT, gptkb:SharpStage, gptkb:Mimikatz, gptkb:POWERSTATS, MuddyC2Go, Seashell Bladder
gptkbp:bfsParent | gptkb:Operation_Winnti
gptkbp:bfsLayer | 7