MuddyC2Go – Latest C2 Framework Used by Iranian APT MuddyWater Spotted in Israel [Thursday, November 9, 2023]

Report

MuddyC2Go – Latest C2 Framework Used by Iranian APT MuddyWater Spotted in Israel

Description:
A previously unreported C2 framework suspected to be in use by the MuddyWater APT group is now being used by an unknown group.

Published:
2023-11-09T14:25:40.105Z

Created:
2023-11-09T14:25:40.105Z

Modified:
2023-11-09T14:30:39.147Z

Tags

  • muddywater
  • powershell
  • python
  • c2 framework
  • phonyc2
  • stark

Indicators

IPv4s:
Domains:
Hashes (SHA-256):
  • 63e404011aeabb964ce63f467be29d678d0576bddb72124d491ab5565e1044cf
  • 5e871ae33537e7e98c81ef55e662d7052ead20195212bf16ebd6fe0a506c9638
Attack Patterns (MITRE ATT&CK):
  • T1547
  • T1566
  • T1059
External References:

About the author
Julien B.
