A new MuddyWater APT campaign spreads Backdoor RAT

MuddyWater is an APT group that has been active throughout 2017, targeting victims in the Middle East with in-memory vectors leveraging PowerShell. In October 2018, Kaspersky Lab published a good analysis report on the malware used by this APT group. Here I am publishing my analysis report on recent malware by this APT group, which targeted several parts of the Middle East.

Sample: 8899c0dac9f6bb73ce750ae7b3250dbd (VirusTotal)

References:

- https://www.vmray.com/analyses/c873532e009f/report/overview.html
- https://twitter.com/360TIC/status/1081080752438009856
- https://www.virustotal.com/#/file/c873532e009f2fc7d3b111636f3bbaa307465e5a99a7f4386bebff2ef8a37a20/detection

The document has obfuscated macro code which contains encrypted binary data. On execution, it decrypts the data, drops files and executes them. ...

January 11, 2019 · 5 min · 885 words · Melted in Hex