Iranian MOIS hacker group #MuddyWater is using a suite of malware to conduct espionage and malicious activity. If you see two or more of these malware samples on your network, you may have MuddyWater on it: Virustotal.com/en/user/CYBERC…. Attributed through @ncijtf @FBI
MOIS hacker group MuddyWater is using open-source code for malware. These samples are indicators that a network has been compromised.
MuddyWater and other Iranian MOIS APTs are using DNS tunneling to communicate with their C2 infrastructure; if you see this on your network, look for suspicious outbound traffic.
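A defender-side heuristic for spotting the DNS tunneling described above, added here as an example (not code from the original posts or from any agency): it scores subdomain length and character entropy over a DNS query log and reports registered domains that receive several such queries. The log lines, domain names and thresholds are constructed assumptions, and the registered-domain split is a crude last-two-labels approximation rather than a public-suffix lookup.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (hypothetical, not a real capture):
# each line is "<client_ip> <query_name> <record_type>".
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com A
10.0.0.7 a9f3k2q8z1x4c7v0b5n6m2l8p3o9i1u4y7t2r5e8w1q4.beacon.example.net TXT
10.0.0.7 z8x7c6v5b4n3m2l1k0j9h8g7f6d5s4a3q2w1e0r9t8y7.beacon.example.net TXT
10.0.0.7 p0o9i8u7y6t5r4e3w2q1a2s3d4f5g6h7j8k9l0z1x2c3.beacon.example.net TXT
10.0.0.7 m4n5b6v7c8x9z0l1k2j3h4g5f6d7s8a9q0w1e2r3t4y5.beacon.example.net TXT
10.0.0.9 cdn.example.org A
"""

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(name: str) -> str:
    """Assumed approximation: last two labels stand in for the registered domain."""
    return ".".join(name.rstrip(".").split(".")[-2:])

def score_query(name: str) -> dict:
    """Length and entropy of everything left of the registered domain."""
    labels = name.rstrip(".").split(".")
    sub = ".".join(labels[:-2])
    return {"subdomain_len": len(sub), "entropy": shannon_entropy(sub.replace(".", ""))}

def find_tunneling_candidates(log_text, min_len=40, min_entropy=3.5, min_unique=3):
    """Return {registered_domain: count of distinct suspicious query names}.
    Encoded data in DNS labels tends to be long, high-entropy and never repeated,
    so a domain collecting many such unique names is worth investigating."""
    by_domain = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines rather than crash on them
        qname = parts[1]
        s = score_query(qname)
        if s["subdomain_len"] >= min_len and s["entropy"] >= min_entropy:
            by_domain[registered_domain(qname)].add(qname)
    return {d: len(q) for d, q in by_domain.items() if len(q) >= min_unique}
```

Tune the thresholds against your own baseline: legitimate CDN and anti-spam lookups also use long labels, so treat a hit as a lead for traffic review, not a verdict.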