Muddyc2go

Malware updated 2 months ago (2024-11-29T14:32:41.120Z)
Download STIX
Preview STIX
MuddyC2Go is a new malware that has been linked to the Iranian state-backed threat operation MuddyWater. The first evidence of malicious activity was identified through the execution of PowerShell code, which connected to a command-and-control (C2) framework known as MuddyC2Go. This infrastructure is associated with Seedworm, an advanced persistent threat group. MuddyC2Go, a successor to MuddyC3 and PhonyC2, showcases Iran's rapidly improving malicious cyber capabilities. Its deployment marks a significant shift in strategy following the exposure of the source code of its predecessor, PhonyC2. The utilization of MuddyC2Go was first seen in attacks against Israel in November 2023. These attacks were part of a broader pattern of MuddyWater activities aimed at disrupting operations and stealing valuable information. In addition to Israel, the telecommunications sector in Egypt, Sudan, and Tanzania has also been targeted using this novel C2 framework. The malware is delivered via a PowerShell launcher, and once inside a system, it establishes contact with an actor-controlled server, thereby granting remote access to the attackers. While the full extent of MuddyC2Go’s capabilities remains unknown, several tools have been identified that facilitate these attacks. These include the SimpleHelp remote management software for continuous access to compromised devices and command execution, and the Venom Proxy software for managing intranet-connected devices. The revelation of MuddyC2Go's use underscores the evolving threat landscape and the need for constant vigilance and robust cybersecurity measures.
Description last updated: 2024-05-04T18:13:50.815Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Seedworm Threat Actor is associated with Muddyc2go. Seedworm, also known as MuddyWater, TEMP.Zagros, Static Kitten, and several other monikers, is a threat actor believed to be linked with Iran's Ministry of Intelligence and Security (MOIS). This cyberespionage group has been active since 2017, targeting various sectors globally, including governmentUnspecified
2
The MuddyWater Threat Actor is associated with Muddyc2go. MuddyWater is an Advanced Persistent Threat (APT) actor that first surfaced in 2017, primarily targeting countries in the Middle East, Europe, and the USA. The group uses a range of techniques for its cyber-espionage activities, including PowerShell for execution, HTTP for C2 communications, and malUnspecified
2
Source Document References
Information about the Muddyc2go Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more