“that the state-sponsored group used to sign stagecomp and darkcomp malware attributed to the threat actor, and various operational tradecraft. MuddyWater is an Iranian state-sponsored cyber-espionage group, notorious for long-term network intrusion campaigns that align wi…”
T1219 Remote Access Tools (78%)
“a domain controller, and established persistence using RDP, DWAgent, and AnyDesk. Next, they leveraged a malware loader (ms_upd.exe) to drop a custom backdoor (game.exe), disguised as a Microsoft WebView2 application. The malware features anti-analysis and anti-VM che…”
T1486 Data Encrypted for Impact (77%)
“a domain controller, and established persistence using RDP, DWAgent, and AnyDesk. Next, they leveraged a malware loader (ms_upd.exe) to drop a custom backdoor (game.exe), disguised as a Microsoft WebView2 application. The malware features anti-analysis and anti-VM che…”
T1486 Data Encrypted for Impact (76%)
“MuddyWater hackers use Chaos ransomware as a decoy in attacks. The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. Although the attack involved credential th…”
T1588.001 Malware (64%)
“MuddyWater hackers use Chaos ransomware as a decoy in attacks. The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. Although the attack involved credential th…”
T1080 Taint Shared Content (57%)
“a domain controller, and established persistence using RDP, DWAgent, and AnyDesk. Next, they leveraged a malware loader (ms_upd.exe) to drop a custom backdoor (game.exe), disguised as a Microsoft WebView2 application. The malware features anti-analysis and anti-VM che…”
T1657 Financial Theft (49%)
“MuddyWater hackers use Chaos ransomware as a decoy in attacks. The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. Although the attack involved credential th…”
T1566.004 Spearphishing Voice (39%)
“that the state-sponsored group used to sign stagecomp and darkcomp malware attributed to the threat actor, and various operational tradecraft. MuddyWater is an Iranian state-sponsored cyber-espionage group, notorious for long-term network intrusion campaigns that align wi…”
Summary
The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. [...]