On February 24, 2022, the FBI, CISA, U.S. Cyber Command’s Cyber National Mission Force, and the UK’s National Cyber Security Centre issued an alert on MuddyWater, an Iranian state-sponsored APT, and its recent cyber-espionage operations [1]. In response, Picus Labs added simulations for these new MuddyWater activities to the Picus Threat Library. This blog breaks down the newly observed MuddyWater malware families in detail.
MuddyWater is a cyber-espionage group that targets organizations in the telecommunications, defense, local government, oil, and natural gas sectors worldwide. According to US Cyber Command, MuddyWater operates under the Iranian Ministry of Intelligence and Security (MOIS) and provides confidential information to the Iranian government [2]. In addition to espionage, the APT group conducts ransomware attacks. MuddyWater is also known as Static Kitten, Earth Vetala, MERCURY, Seedworm, and TEMP.Zagros. The group is known to have been active since 2017.
Recently, MuddyWater has been observed using variants of PowGoop, Small Sieve, Canopy (also known as Starwhale), Mori, and POWERSTATS.
PowGoop is a malicious DLL loader that disguises itself as a legitimate Google Update executable. It is made of 3 components.
👉 Check out our blog post on PowGoop for more information.
2. Small Sieve Backdoor
Small Sieve is a backdoor malware. It is written in Python and communicates with the MuddyWater C2 server using an encrypted channel over Telegram Bot API to avoid detection. Small Sieve is distributed using a Nullsoft Scriptable Install System (NSIS) installer named gram_app.exe. Once executed, it places a Python backdoor called index.exe that can download files and execute commands in the infected system. It also establishes persistence by adding a new registry run key named OutlookMicrosift; the typo is intentional to appear legitimate.
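The Small Sieve behaviours described above can be hunted in endpoint telemetry. The following is an added example, not code from Picus or the advisory: it correlates Sysmon-style events (ID 1 process creation, ID 13 registry value set, ID 22 DNS query) per host. The sample events, host names, file paths and the allowlist of expected Telegram clients are constructed assumptions.

```python
import ntpath

RUN_KEY = "\\currentversion\\run\\"
RUN_VALUE = "outlookmicrosift"            # Run value name given in the article
DROPPED = {"gram_app.exe", "index.exe"}   # file names given in the article
TELEGRAM_API = "api.telegram.org"         # public Telegram Bot API host
# Assumption: the only processes expected to reach Telegram in this environment.
EXPECTED_CLIENTS = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample events (Sysmon field names; hosts and paths are made up).
EVENTS = [
    {"Computer": "WS-01", "EventID": 1,
     "Image": r"C:\Users\alice\AppData\Local\Temp\gram_app.exe"},
    {"Computer": "WS-01", "EventID": 13,
     "Image": r"C:\Users\alice\AppData\Local\Temp\gram_app.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\SOFTWARE\Microsoft\Windows"
                     r"\CurrentVersion\Run\OutlookMicrosift"},
    {"Computer": "WS-01", "EventID": 22,
     "Image": r"C:\Users\alice\AppData\Roaming\index.exe",
     "QueryName": "api.telegram.org"},
    {"Computer": "WS-02", "EventID": 22,
     "Image": r"C:\Users\bob\AppData\Roaming\Telegram Desktop\Telegram.exe",
     "QueryName": "api.telegram.org."},
    {"Computer": "WS-02", "EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-2222\SOFTWARE\Microsoft\Windows"
                     r"\CurrentVersion\Run\OneDrive"},
    {"Computer": "WS-03", "EventID": 22,
     "Image": r"C:\Python310\python.exe", "QueryName": "API.telegram.org"},
]


def classify(event):
    """Return a finding label for a single event, or None if it is benign."""
    image = ntpath.basename(event.get("Image", "")).lower()
    eid = event["EventID"]
    if eid == 13:
        # Any hive: the article names the value, not the hive it lives in.
        target = event.get("TargetObject", "").lower()
        if RUN_KEY in target and target.rsplit("\\", 1)[-1] == RUN_VALUE:
            return "run_key"
    elif eid == 22:
        query = event.get("QueryName", "").lower().rstrip(".")
        if query == TELEGRAM_API and image not in EXPECTED_CLIENTS:
            return "telegram_from_unexpected_process"
    elif eid == 1 and image in DROPPED:
        # Generic file names: weak on their own, useful as corroboration.
        return "dropped_name_executed"
    return None


def hunt(events):
    """Group findings per host and grade them as 'high' or 'review'."""
    findings = {}
    for event in events:
        label = classify(event)
        if label:
            findings.setdefault(event["Computer"], set()).add(label)
    corroborated = {"dropped_name_executed", "telegram_from_unexpected_process"}
    verdicts = {}
    for host, labels in findings.items():
        # The misspelled Run value is distinctive; name + Telegram together also is.
        high = "run_key" in labels or corroborated <= labels
        verdicts[host] = ("high" if high else "review", sorted(labels))
    return verdicts


if __name__ == "__main__":
    for host, (severity, labels) in sorted(hunt(EVENTS).items()):
        print(host, severity, ", ".join(labels))
```
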
3. Canopy (Starwhale)
Canopy, also known as Starwhale, is spyware that collects the victim's username, computer name, and IP address and sends them to the MuddyWater group. Canopy is distributed via spearphishing emails with an Excel file named 'Cooperation term.xls' as an attachment. The Excel file contains malicious Visual Basic for Applications and Windows Script File scripts that establish persistence and exfiltrate user data in an encoded format using an HTTP POST request.
4. Mori
Mori is another backdoor used by the MuddyWater APT group that uses DNS tunneling to exfiltrate the victim’s data to C2 servers of MuddyWater. Mori uses a malicious DLL file named FML.dll that contains junk data to avoid detection.
5. POWERSTATS
POWERSTATS is a PowerShell-based backdoor that MuddyWater uses to collect confidential information belonging to the victim. POWERSTATS is also known as Powermud backdoor, and it is considered a signature malware for MuddyWater. The malware steals saved passwords to access the victim's email and social media accounts to collect sensitive data.
Using the Picus Continuous Security Validation Platform, you can test your security controls against MuddyWater attacks. We advise you to simulate MuddyWater cyber-attacks and determine whether your security controls can prevent them. The Picus Threat Library includes the following threats for simulating MuddyWater activity.
| Threat Name |
|---|
| Backdoor Malware used by Muddywater .EXE File Download (3 variants) |
| Canopy Malware Dropper used by Muddywater .XLS File Download (1 variant) |
| Canopy Malware used by Muddywater .WSF File Download (3 variants) |
| Delphstats Backdoor Malware used by MuddyWater .EXE File Download (1 variant) |
| Earth Vetala - MuddyWater Dropper .PDF File Download (1 variant) |
| Earth Vetala - MuddyWater Dropper .RTF File Download (1 variant) |
| Earth Vetala - MuddyWater PassDump Infostealer .DLL File Download (1 variant) |
| MuddyWater Exploit Document Malware .DOC File Download (1 variant) |
| Lazagne Credential Dumper used by MuddyWater .EXE File Download (1 variant) |
| MuddyWater Macro-Embedded Document Trojan .DOC File Download (7 variants) |
| Malware Downloader used by Muddywater .DOC File Download (3 variants) |
| Malware Downloader used by Muddywater .XLS File Download (3 variants) |
| Mori backdoor used by Muddywater .DLL File Download (1 variant) |
| MuddyWater APT Scenario |
| MuddyWater Malware Dropper .DOC File Download (21 variants) |
| MuddyWater Valyria Trojan .DOC File Download (1 variant) |
| Powermud Backdoor used by MuddyWater .EXE File Download (9 variants) |
| PowerShell Based Backdoor used by MuddyWater .DLL File Download (4 variants) |
| PowerShell Based Backdoor used by MuddyWater .DOC File Download (2 variants) |
| Powerstats Backdoor Dropper Used by MuddyWater .VBS File Download (1 variant) |
| Powerstats Backdoor Malware Used by MuddyWater .EXE File Download (4 variants) |
| Powerstats Backdoor Malware Used by MuddyWater .PS1 File Download (1 variant) |
| PowGoop Loader used by MuddyWater .DAT File Download (2 variants) |
| PowGoop Loader used by MuddyWater .DLL File Download (2 variants) |
| Quicksand - Covicli Backdoor used by Muddywater .DLL File Download (1 variant) |
| Quicksand - Dropper used by Muddywater .ASPX File Download (1 variant) |
| Quicksand - Malware Downloader used by Muddywater .PS1 File Download (1 variant) |
| Quicksand - PowGoop Loader used by Muddywater .DLL File Download (1 variant) |
| Quicksand - SSF.MX Backdoor used by Muddywater .EXE File Download (1 variant) |
| Sharpstats Backdoor Malware used by MuddyWater .PS1 File Download (4 variants) |
| Small Sieve Backdoor used by Muddywater .EXE File Download (2 variants) |
| MuddyWater Trojan Downloader .JS File Download (2 variants) |

Reconnaissance
T1589.002 Gather Victim Identity Information: Email Addresses
T1583.006 Acquire Infrastructure: Web Services
T1588.002 Obtain Capabilities: Tool
T1566.001 Phishing: Spearphishing Attachment
T1566.002 Phishing: Spearphishing Link
T1047 Windows Management Instrumentation
T1059.001 Command and Scripting Interpreter: PowerShell
T1059.003 Command and Scripting Interpreter: Windows Command Shell
T1059.005 Command and Scripting Interpreter: Visual Basic
T1059.006 Command and Scripting Interpreter: Python
T1059.007 Command and Scripting Interpreter: JavaScript
T1203 Exploitation for Client Execution
T1204.001 User Execution: Malicious Link
T1204.002 User Execution: Malicious File
T1559.001 Inter-Process Communication: Component Object Model
T1559.002 Inter-Process Communication: Dynamic Data Exchange
T1053.005 Scheduled Task/Job: Scheduled Task
T1137.001 Office Application Startup: Office Template Macros
T1543.003 Create or Modify System Process: Windows Service
T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
T1547.005 Boot or Logon Autostart Execution: Security Support Provider
T1134 Access Token Manipulation
T1548.002 Abuse Elevation Control Mechanism: Bypass User Account Control
T1555 Credentials from Password Stores
T1555.003 Credentials from Web Browsers
T1027 Obfuscated Files or Information
T1027.003 Steganography
T1027.004 Compile After Delivery
T1027.005 Obfuscated Files or Information: Indicator Removal from Tools
T1036.005 Masquerading: Match Legitimate Name or Location
T1055.001 Process Injection: Dynamic-link Library Injection
T1055.002 Process Injection: Portable Executable Injection
T1140 Deobfuscate/Decode Files or Information
T1218.003 Signed Binary Proxy Execution: CMSTP
T1218.005 Signed Binary Proxy Execution: Mshta
T1218.011 Signed Binary Proxy Execution: Rundll32
T1480 Execution Guardrails
T1562.001 Impair Defenses: Disable or Modify Tools
T1574.001 Hijack Execution Flow: DLL Search Order Hijacking
T1574.002 Hijack Execution Flow: DLL Side-Loading
T1574.007 Hijack Execution Flow: Path Interception by PATH Environment Variable
T1574.008 Hijack Execution Flow: Path Interception by Search Order Hijacking
T1574.009 Hijack Execution Flow: Path Interception by Unquoted Path
T1003.001 OS Credential Dumping: LSASS Memory
T1003.004 OS Credential Dumping: LSA Secrets
T1003.005 OS Credential Dumping: Cached Domain Credentials
T1552.001 Unsecured Credentials: Credentials In Files
T1552.002 Unsecured Credentials: Credentials in Registry
T1552.006 Unsecured Credentials: Group Policy Preferences
T1558.003 Steal or Forge Kerberos Tickets: Kerberoasting
T1005 Data from Local System
T1012 Query Registry
T1016 System Network Configuration Discovery
T1033 System Owner/User Discovery
T1049 System Network Connections Discovery
T1057 Process Discovery
T1082 System Information Discovery
T1083 File and Directory Discovery
T1087.002 Account Discovery: Domain Account
T1482 Domain Trust Discovery
T1518 Software Discovery
T1518.001 Security Software Discovery
T1056.001 Input Capture: Keylogging
T1113 Screen Capture
T1123 Audio Capture
T1560.001 Archive Collected Data: Archive via Utility
T1071.001 Application Layer Protocol: Web Protocols
T1090.002 Proxy: External Proxy
T1102.002 Web Service: Bidirectional Communication
T1104 Multi-Stage Channels
T1105 Ingress Tool Transfer
T1132.001 Data Encoding: Standard Encoding
T1132.002 Data Encoding: Non-Standard Encoding
T1219 Remote Access Software
T1572 Protocol Tunneling
T1041 Exfiltration Over C2 Channel
[1] “Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks.” [Online]. Available: https://www.cisa.gov/uscert/ncas/alerts/aa22-055a.
[2] “Iranian intel cyber suite of malware uses open source tools,” U.S. Cyber Command, Jan. 12, 2022. [Online]. Available: https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/.