216.73.216.86

Unmasking an Attack Chain of MuddyWater

· Published 07/03/2026 09:44 · Modified 09/03/2026 11:00

Export JSON

Essential information

Published
07/03/2026 09:44
Modified
09/03/2026 11:00
Tags
2026-03-07 apt dll side-loading fmapp.dll iranian rdp ssh tunnel
Related entities
5 observables, 1 intrusion sets (apt), 9 techniques (mitre), 1 malware, 1 others

Description

An intrusion attributed to MuddyWater, an -linked , was identified in a customer environment. The attack involved initial access through , establishing an , and deploying malware via . The threat actor used FMAPP.exe, a legitimate Fortemedia Inc. application, to load a malicious for C2 communications. The timeline of activities revealed typos in commands, suggesting manual typing by the attacker. The intrusion included reconnaissance efforts, attempts to verify tunnel functionality, and issues with initial C2 communication. The attack targeted an Israeli company, aligning with known MuddyWater tactics.

External references