Public scan of otx.alienvault.com (18.66.248.115)
URL:
https://otx.alienvault.com/pulse/621cf48c69b2caf2c2f4bb3e
Submission: On February 28 via api from US — Scanned from DE
IRANIAN GOVERNMENT-SPONSORED ACTORS CONDUCT CYBER OPERATIONS AGAINST GLOBAL GOVERNMENT AND COMMERCIAL NETWORKS

Created 1 hour ago by AlienVault | Public | TLP: White | Subscribers: 177028

A group of Iranian government-sponsored advanced persistent threat actors, known as MuddyWater, is conducting cyber espionage and other malicious cyber operations against global government and commercial networks, the US Department of Homeland Security (DHS) has warned.

Reference: https://www.cisa.gov/uscert/ncas/alerts/aa22-055a

Tags: MuddyWater, Goverment, PowGoop, Small Sieve, Canopy, Mori, POWERSTATS
Adversary: MuddyWater
Industries: Government, Telecommunications
Malware Families: MuddyWater, POWERSTATS, Small Sieve, Starwhale, PowGoop

ATT&CK IDs:
* T1005 - Data from Local System
* T1016 - System Network Configuration Discovery
* T1027 - Obfuscated Files or Information
* T1033 - System Owner/User Discovery
* T1041 - Exfiltration Over C2 Channel
* T1047 - Windows Management Instrumentation
* T1049 - System Network Connections Discovery
* T1057 - Process Discovery
* T1082 - System Information Discovery
* T1083 - File and Directory Discovery
* T1104 - Multi-Stage Channels
* T1105 - Ingress Tool Transfer
* T1113 - Screen Capture
* T1140 - Deobfuscate/Decode Files or Information
* T1203 - Exploitation for Client Execution
* T1204 - User Execution
* T1218 - Signed Binary Proxy Execution
* T1219 - Remote Access Software
* T1480 - Execution Guardrails
* T1518 - Software Discovery
* T1555 - Credentials from Password Stores
* T1572 - Protocol Tunneling
* T1574 - Hijack Execution Flow
* T1001.001 - Junk Data
* T1003.001 - LSASS Memory
* T1003.004 - LSA Secrets
* T1003.005 - Cached Domain Credentials
* T1027.003 - Steganography
* T1027.004 - Compile After Delivery
* T1036.005 - Match Legitimate Name or Location
* T1053.005 - Scheduled Task
* T1059.001 - PowerShell
* T1059.006 - Python
* T1059.003 - Windows Command Shell
* T1059.005 - Visual Basic
* T1059.007 - JavaScript
* T1071.001 - Web Protocols
* T1087.002 - Domain Account
* T1090.002 - External Proxy
* T1102.002 - Bidirectional Communication
* T1132.001 - Standard Encoding
* T1132.002 - Non-Standard Encoding
* T1137.001 - Office Template Macros
* T1547.001 - Registry Run Keys / Startup Folder
* T1548.002 - Bypass User Account Control
* T1552.001 - Credentials In Files
* T1555.003 - Credentials from Web Browsers
* T1559.001 - Component Object Model
* T1559.002 - Dynamic Data Exchange
* T1560.001 - Archive via Utility
* T1562.001 - Disable or Modify Tools
* T1566.001 - Spearphishing Attachment
* T1566.002 - Spearphishing Link
* T1574.002 - DLL Side-Loading
* T1583.006 - Web Services
* T1588.002 - Tool
* T1589.002 - Email Addresses

Pulse contents: Indicators of Compromise (30), Related Pulses (16), Comments (0), History (0)

Types of indicators: IPv4 (21), FileHash-SHA256 (2), CVE (3), FileHash-SHA1 (2), FileHash-MD5 (2)

Threat infrastructure by country: Russia (2), Other (4), United States (2), Netherlands (7), Germany (2), United Arab Emirates (3)

The indicator table lists, for each of the 30 entries, its type, the indicator value, role, title, the date it was added, whether it is active, and the number of related pulses; the first page of 10 entries consists of IPv4 indicators, all added Feb 28, 2022, 4:13:01 PM.