|
gptkbp:instanceOf
|
cybercrime
|
|
gptkbp:activeYearsStart
|
2017
|
|
gptkbp:alsoKnownAs
|
gptkb:Seedworm
gptkb:Static_Kitten
|
|
gptkbp:associatedWith
|
gptkb:APT34
gptkb:APT33
|
|
gptkbp:attributedTo
|
gptkb:Iranian_Ministry_of_Intelligence_and_Security
|
|
gptkbp:connectsTo
|
gptkb:Iranian_government
|
|
gptkbp:countryOfOrigin
|
gptkb:Iran
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
MuddyWater group
|
|
gptkbp:mainLanguage
|
gptkb:Farsi
|
|
gptkbp:notableEvent
|
attacks on energy sector in Saudi Arabia
attacks on telecommunications in the Middle East
attacks on government agencies in Turkey
|
|
gptkbp:reportsTo
|
gptkb:Kaspersky
gptkb:Cisco_Talos
gptkb:Microsoft
gptkb:Palo_Alto_Networks
gptkb:ClearSky_Security
gptkb:FireEye
gptkb:Symantec
|
|
gptkbp:target
|
gptkb:Europe
gptkb:Middle_East
gptkb:North_America
gptkb:energy
government organizations
defense sector
telecommunications sector
|
|
gptkbp:technique
|
phishing
social engineering
PowerShell scripts
living off the land
spear phishing
malicious documents
|
|
gptkbp:TTPs
|
data exfiltration
credential harvesting
custom backdoors
use of compromised email accounts
multi-stage attacks
use of legitimate tools for lateral movement
use of open-source tools
|
|
gptkbp:usesMalware
|
gptkb:BlackWater
gptkb:MuddyC3
gptkb:MuddyWater_RAT
gptkb:SharpStage
gptkb:Mimikatz
gptkb:POWERSTATS
gptkb:Canopy
|
|
gptkbp:bfsParent
|
gptkb:MuddyWater_Loader
gptkb:MuddyWater_RAT
|
|
gptkbp:bfsLayer
|
7
|