otx.alienvault.com (18.66.248.115), urlscan.io public scan

URL: https://otx.alienvault.com/pulse/621cf48c69b2caf2c2f4bb3e
Submission: On February 28 via api from US, scanned from DE

IRANIAN GOVERNMENT-SPONSORED ACTORS CONDUCT CYBER OPERATIONS AGAINST GLOBAL
GOVERNMENT AND COMMERCIAL NETWORKS

   
 * Created 1 hour ago by AlienVault
 * Public
 * TLP: White

A group of Iranian government-sponsored advanced persistent threat actors, known
as MuddyWater, is conducting cyber espionage and other malicious cyber
operations against global government and commercial networks, the US Department
of Homeland Security (DHS) has warned.

Reference:
 * https://www.cisa.gov/uscert/ncas/alerts/aa22-055a

Tags:
 * MuddyWater, Goverment, PowGoop, Small Sieve, Canopy, Mori, POWERSTATS

Adversary:
 * MuddyWater

Industries:
 * Government, Telecommunications

Malware Families:
 * MuddyWater, POWERSTATS, Small Sieve, Starwhale, PowGoop

ATT&CK IDs:
 * T1005 - Data from Local System
 * T1016 - System Network Configuration Discovery
 * T1027 - Obfuscated Files or Information
 * T1033 - System Owner/User Discovery
 * T1041 - Exfiltration Over C2 Channel
 * T1047 - Windows Management Instrumentation
 * T1049 - System Network Connections Discovery
 * T1057 - Process Discovery
 * T1082 - System Information Discovery
 * T1083 - File and Directory Discovery
 * T1104 - Multi-Stage Channels
 * T1105 - Ingress Tool Transfer
 * T1113 - Screen Capture
 * T1140 - Deobfuscate/Decode Files or Information
 * T1203 - Exploitation for Client Execution
 * T1204 - User Execution
 * T1218 - Signed Binary Proxy Execution
 * T1219 - Remote Access Software
 * T1480 - Execution Guardrails
 * T1518 - Software Discovery
 * T1555 - Credentials from Password Stores
 * T1572 - Protocol Tunneling
 * T1574 - Hijack Execution Flow
 * T1001.001 - Junk Data
 * T1003.001 - LSASS Memory
 * T1003.004 - LSA Secrets
 * T1003.005 - Cached Domain Credentials
 * T1027.003 - Steganography
 * T1027.004 - Compile After Delivery
 * T1036.005 - Match Legitimate Name or Location
 * T1053.005 - Scheduled Task
 * T1059.001 - PowerShell
 * T1059.006 - Python
 * T1059.003 - Windows Command Shell
 * T1059.005 - Visual Basic
 * T1059.007 - JavaScript
 * T1071.001 - Web Protocols
 * T1087.002 - Domain Account
 * T1090.002 - External Proxy
 * T1102.002 - Bidirectional Communication
 * T1132.001 - Standard Encoding
 * T1132.002 - Non-Standard Encoding
 * T1137.001 - Office Template Macros
 * T1547.001 - Registry Run Keys / Startup Folder
 * T1548.002 - Bypass User Account Control
 * T1552.001 - Credentials In Files
 * T1555.003 - Credentials from Web Browsers
 * T1559.001 - Component Object Model
 * T1559.002 - Dynamic Data Exchange
 * T1560.001 - Archive via Utility
 * T1562.001 - Disable or Modify Tools
 * T1566.001 - Spearphishing Attachment
 * T1566.002 - Spearphishing Link
 * T1574.002 - DLL Side-Loading
 * T1583.006 - Web Services
 * T1588.002 - Tool
 * T1589.002 - Email Addresses

 * Indicators of Compromise (30)
 * Related Pulses (16)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS
 * IPv4 (21)
 * FileHash-SHA256 (2)
 * CVE (3)
 * FileHash-SHA1 (2)
 * FileHash-MD5 (2)

THREAT INFRASTRUCTURE (by country)
 * Russia (2)
 * Other (4)
 * United States (2)
 * Netherlands (7)
 * Germany (2)
 * United Arab Emirates (3)


Indicators (first 10 of 30 entries; the Role, Title and Active columns were empty in the scan):

Type   Indicator         Added                      Related Pulses
IPv4   95.181.161.50     Feb 28, 2022, 4:13:01 PM   6
IPv4   95.181.161.49     Feb 28, 2022, 4:13:01 PM   5
IPv4   89.163.252.232    Feb 28, 2022, 4:13:01 PM   4
IPv4   88.119.171.213    Feb 28, 2022, 4:13:01 PM   4
IPv4   87.236.212.22     Feb 28, 2022, 4:13:01 PM   6
IPv4   80.85.158.49      Feb 28, 2022, 4:13:01 PM   4
IPv4   5.199.133.149     Feb 28, 2022, 4:13:01 PM   12
IPv4   45.142.213.17     Feb 28, 2022, 4:13:01 PM   6
IPv4   192.210.226.128   Feb 28, 2022, 4:13:01 PM   4
IPv4   192.210.191.188   Feb 28, 2022, 4:13:01 PM   5

Showing 1 to 10 of 30 entries.



 * © Copyright 2022 AlienVault, Inc.