https://meltedinhex.com/tags/muddywater/ Recent content in MuddyWater on Melted in Hex https://meltedinhex.com/images/og-social.png https://meltedinhex.com/images/og-social.png Hugo en-us Fri, 11 Jan 2019 22:00:00 +0530 https://meltedinhex.com/posts/a-new-muddywater-apt-campaign-spreads/ Fri, 11 Jan 2019 22:00:00 +0530 https://meltedinhex.com/posts/a-new-muddywater-apt-campaign-spreads/ <p>MuddyWater is an APT group that has been active throughout 2017, targeting victims in the Middle East with in-memory vectors leveraging PowerShell.</p> <p>In October 2018, Kaspersky Lab published a <a href="https://securelist.com/muddywater/88059/">good analysis report</a> on the malware by this APT group.</p> <p>Here I am publishing my analysis report on recent malware by this APT group which targeted several parts of the Middle East.</p> <p>Sample -  8899c0dac9f6bb73ce750ae7b3250dbd (<a href="https://www.virustotal.com/#/file/c873532e009f2fc7d3b111636f3bbaa307465e5a99a7f4386bebff2ef8a37a20/detection">Virustotal</a>)</p> <p>References :</p> <p><a href="https://www.vmray.com/analyses/c873532e009f/report/overview.html">https://www.vmray.com/analyses/c873532e009f/report/overview.html</a></p> <p><a href="https://twitter.com/360TIC/status/1081080752438009856">https://twitter.com/360TIC/status/1081080752438009856</a></p> <p><a href="https://www.virustotal.com/#/file/c873532e009f2fc7d3b111636f3bbaa307465e5a99a7f4386bebff2ef8a37a20/detection">https://www.virustotal.com/#/file/c873532e009f2fc7d3b111636f3bbaa307465e5a99a7f4386bebff2ef8a37a20/detection</a></p> <p><img loading="lazy" src="https://meltedinhex.com/images/a-new-muddywater-apt-campaign-spreads/doc1-85a3eec5.png"></p> <p>The document has obfuscated macro code which contains encrypted binary data. On execution, it decrypts the data, drops files and executes them.</p>