Actor | Threat level: high
MuddyWater Disguises Cyber-Espionage as Chaos Ransomware Attack
2 rules, 5 TTPs
The MuddyWater group is disguising its cyber-espionage operations as Chaos ransomware attacks, using Microsoft Teams social engineering for initial access and establishing persistence, likely to complicate attribution and mask its true objectives.
Platforms: Microsoft Teams +3
Tags: MuddyWater, chaos ransomware, cyberespionage, data theft, iranian apt
Threat level: high
MuddyWater PowGoop Beacon Decoding Detection
2 rules, 4 TTPs
This detection identifies a DLL decoding and executing the PowGoop config.txt payload, indicating a stage in the MuddyWater infection chain where an obfuscated PowerShell beacon is unwrapped and live C2 communication starts.
Platforms: Splunk Enterprise +3
Tags: MuddyWater, powgoop, dll-sideloading, powershell, c2, beacon