Showing posts from February, 2018

Burping on MuddyWater

INTRODUCTION

In an earlier blog post, I wrote about a campaign that was targeting the Middle East (Saudi Arabia, Iraq, UAE, etc.). The adversary group behind this campaign was covered by Palo Alto's Unit 42 and others under the name MuddyWater. In this blog I will be sharing new samples related to this adversary group, showing how they are continuing to evolve, and how they have shifted some of their delivery tactics.

IT ALL STARTS WITH A TWEET.

This all started when I saw a tweet from @x0rz referring to a blog post where they reversed a BurpSuite key generator. I recommend everyone go and read the above-mentioned blog post, as it is really well done and goes into detail regarding the analysis of this malicious key generator. I will NOT be covering the analysis again, since the folks at 0x00sec covered it amazingly. I will be providing some additional IoCs related to this campaign, discussing the shift in the techniques used by MuddyWater, and casting a few questions that are