Muddyc2go

Malware Profile Updated 25 days ago
MuddyC2Go is a new malware family and command-and-control (C2) framework linked to the Iranian state-backed threat operation MuddyWater (tracked by Symantec as Seedworm). The first evidence of malicious activity was PowerShell code executing on a victim host and connecting back to the MuddyC2Go C2 infrastructure. MuddyC2Go is the successor to MuddyC3 and PhonyC2 and reflects Iran's rapidly improving offensive cyber capabilities; its deployment marks a significant shift in tooling after the source code of its predecessor, PhonyC2, was exposed. MuddyC2Go was first observed in attacks against Israel in November 2023, part of a broader pattern of MuddyWater activity aimed at disrupting operations and stealing valuable information. Beyond Israel, the telecommunications sector in Egypt, Sudan and Tanzania has also been targeted with this C2 framework. The malware is delivered via a PowerShell launcher; once running on a system, it establishes contact with an actor-controlled server, granting the attackers remote access. While the full extent of MuddyC2Go's capabilities remains unknown, several tools have been observed alongside it: the SimpleHelp remote management software, used for persistent access to compromised devices and command execution, and the Venom Proxy software, used to manage devices on the internal network. The use of MuddyC2Go underscores the evolving threat landscape and the need for constant vigilance and robust cybersecurity measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
Seedworm (Type: Unspecified, Votes: 2): Seedworm, also known as MuddyWater, TEMP.Zagros, Static Kitten, and several other monikers, is a threat actor believed to be linked with Iran's Ministry of Intelligence and Security (MOIS). This cyberespionage group has been active since 2017, targeting various sectors globally, including government

MuddyWater (Type: Unspecified, Votes: 2): MuddyWater is a notable threat actor group, officially linked to Iran's Ministry of Intelligence and Security (MOIS) by US Cyber Command in January 2022. The group gained its name due to the confusion surrounding the attribution of a wave of cyberattacks that took place between February and October
Associated Vulnerabilities
No associations to display
Source Document References
Information about the MuddyC2Go malware was read from the document corpus below. This display is limited to 20 results.
Source (created): Title

CERT-EU (5 months ago): Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa
CERT-EU (5 months ago): Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
DARKReading (5 months ago): Iranian 'Seedworm' Cyber Spies Target African Telcos & ISPs
CERT-EU (5 months ago): MuddyWater targets African telecommunications companies
CERT-EU (7 months ago): Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign
CERT-EU (7 months ago): Ukraine's power grid targeted by Sandworm hackers last year
InfoSecurity-magazine (7 months ago): Israeli Entities Under Attack By MuddyWater's Advanced Tactics
CERT-EU (7 months ago): Israel subjected to Charming Kitten attacks