MuddyWater

GPTKB entity

Statements (50)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:activeYearsStart 2017
gptkbp:alsoKnownAs gptkb:Seedworm
gptkb:Static_Kitten
gptkbp:associatedWith gptkb:APT34
gptkb:APT33
Iranian cyber operations
gptkbp:attributedTo gptkb:Iranian_Ministry_of_Intelligence_and_Security
gptkbp:countryOfOrigin gptkb:Iran
https://www.w3.org/2000/01/rdf-schema#label MuddyWater
gptkbp:infrastructure cloud-based services
compromised servers
legitimate remote administration tools
gptkbp:notableEvent attacks on Turkish government entities
attacks on energy sector in Saudi Arabia
attacks on telecommunications in the Middle East
gptkbp:reportsTo gptkb:Cisco_Talos
gptkb:Microsoft
gptkb:FireEye
gptkb:US_Cyber_Command
gptkb:Symantec
gptkbp:target gptkb:Europe
gptkb:Middle_East
gptkb:North_America
gptkb:energy
government organizations
telecommunications sector
gptkbp:technique command and control
data exfiltration
social engineering
PowerShell scripts
credential harvesting
living off the land
spear phishing
lateral movement
malicious documents
custom malware development
obfuscation
gptkbp:usesMalware gptkb:BlackWater
gptkb:Ligolo
gptkb:MuddyC3
gptkb:MuddyWater_Loader
gptkb:MuddyWater_PowerShell_Backdoor
gptkb:MuddyWater_RAT
gptkb:SharpStage
gptkb:POWERSTATS
gptkb:Canopy
gptkbp:bfsParent gptkb:TA-59
gptkb:TA-99
gptkbp:bfsLayer 5