test_scratch/cti-ATT-CK-v13.1/enterprise-attack/intrusion-set/intrusion-set--269e8108-68c6-4f99-b911-14b2e765dec2.json
{ | |
"type": "bundle", | |
"id": "bundle--744d8b7f-30a9-4ad9-a744-10689a9240dd", | |
"spec_version": "2.0", | |
"objects": [ | |
{ | |
"modified": "2023-03-22T04:59:16.032Z", | |
"name": "MuddyWater", | |
"description": "[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at least 2017, [MuddyWater](https://attack.mitre.org/groups/G0069) has targeted a range of government and private organizations across sectors, including telecommunications, local government, defense, and oil and natural gas organizations, in the Middle East, Asia, Africa, Europe, and North America.(Citation: Unit 42 MuddyWater Nov 2017)(Citation: Symantec MuddyWater Dec 2018)(Citation: ClearSky MuddyWater Nov 2018)(Citation: ClearSky MuddyWater June 2019)(Citation: Reaqta MuddyWater November 2017)(Citation: DHS CISA AA22-055A MuddyWater February 2022)(Citation: Talos MuddyWater Jan 2022)", | |
"aliases": [ | |
"MuddyWater", | |
"Earth Vetala", | |
"MERCURY", | |
"Static Kitten", | |
"Seedworm", | |
"TEMP.Zagros" | |
], | |
"x_mitre_deprecated": false, | |
"x_mitre_version": "4.1", | |
"x_mitre_contributors": [ | |
"Ozer Sarilar, @ozersarilar, STM", | |
"Daniyal Naeem, BT Security" | |
], | |
"type": "intrusion-set", | |
"id": "intrusion-set--269e8108-68c6-4f99-b911-14b2e765dec2", | |
"created": "2018-04-18T17:59:24.739Z", | |
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", | |
"revoked": false, | |
"external_references": [ | |
{ | |
"source_name": "mitre-attack", | |
"url": "https://attack.mitre.org/groups/G0069", | |
"external_id": "G0069" | |
}, | |
{ | |
"source_name": "MERCURY", | |
"description": "(Citation: Anomali Static Kitten February 2021)" | |
}, | |
{ | |
"source_name": "Static Kitten", | |
"description": "(Citation: Anomali Static Kitten February 2021)(Citation: Trend Micro Muddy Water March 2021)" | |
}, | |
{ | |
"source_name": "TEMP.Zagros", | |
"description": "(Citation: FireEye MuddyWater Mar 2018)(Citation: Anomali Static Kitten February 2021)(Citation: Trend Micro Muddy Water March 2021)" | |
}, | |
{ | |
"source_name": "Seedworm", | |
"description": "(Citation: Symantec MuddyWater Dec 2018)(Citation: Anomali Static Kitten February 2021)(Citation: Trend Micro Muddy Water March 2021)" | |
}, | |
{ | |
"source_name": "Earth Vetala", | |
"description": "(Citation: Trend Micro Muddy Water March 2021)" | |
}, | |
{ | |
"source_name": "MuddyWater", | |
"description": "(Citation: Unit 42 MuddyWater Nov 2017)(Citation: Symantec MuddyWater Dec 2018)" | |
}, | |
{ | |
"source_name": "ClearSky MuddyWater Nov 2018", | |
"description": "ClearSky Cyber Security. (2018, November). MuddyWater Operations in Lebanon and Oman: Using an Israeli compromised domain for a two-stage campaign. Retrieved November 29, 2018.", | |
"url": "https://www.clearskysec.com/wp-content/uploads/2018/11/MuddyWater-Operations-in-Lebanon-and-Oman.pdf" | |
}, | |
{ | |
"source_name": "ClearSky MuddyWater June 2019", | |
"description": "ClearSky. (2019, June). Iranian APT group \u2018MuddyWater\u2019 Adds Exploits to Their Arsenal. Retrieved May 14, 2020.", | |
"url": "https://www.clearskysec.com/wp-content/uploads/2019/06/Clearsky-Iranian-APT-group-%E2%80%98MuddyWater%E2%80%99-Adds-Exploits-to-Their-Arsenal.pdf" | |
}, | |
{ | |
"source_name": "CYBERCOM Iranian Intel Cyber January 2022", | |
"description": "Cyber National Mission Force. (2022, January 12). Iranian intel cyber suite of malware uses open source tools. Retrieved September 30, 2022.", | |
"url": "https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/" | |
}, | |
{ | |
"source_name": "DHS CISA AA22-055A MuddyWater February 2022", | |
"description": "FBI, CISA, CNMF, NCSC-UK. (2022, February 24). Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks. Retrieved September 27, 2022.", | |
"url": "https://www.cisa.gov/uscert/ncas/alerts/aa22-055a" | |
}, | |
{ | |
"source_name": "Unit 42 MuddyWater Nov 2017", | |
"description": "Lancaster, T. (2017, November 14). Muddying the Water: Targeted Attacks in the Middle East. Retrieved March 15, 2018.", | |
"url": "https://researchcenter.paloaltonetworks.com/2017/11/unit42-muddying-the-water-targeted-attacks-in-the-middle-east/" | |
}, | |
{ | |
"source_name": "Talos MuddyWater Jan 2022", | |
"description": "Malhotra, A. and Ventura, V. (2022, January 31). Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables. Retrieved June 22, 2022.", | |
"url": "https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html" | |
}, | |
{ | |
"source_name": "Anomali Static Kitten February 2021", | |
"description": "Mele, G. et al. (2021, February 10). Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies. Retrieved March 17, 2021.", | |
"url": "https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies" | |
}, | |
{ | |
"source_name": "Trend Micro Muddy Water March 2021", | |
"description": "Peretz, A. and Theck, E. (2021, March 5). Earth Vetala \u2013 MuddyWater Continues to Target Organizations in the Middle East. Retrieved March 18, 2021.", | |
"url": "https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html" | |
}, | |
{ | |
"source_name": "Reaqta MuddyWater November 2017", | |
"description": "Reaqta. (2017, November 22). A dive into MuddyWater APT targeting Middle-East. Retrieved May 18, 2020.", | |
"url": "https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/" | |
}, | |
{ | |
"source_name": "FireEye MuddyWater Mar 2018", | |
"description": "Singh, S. et al. (2018, March 13). Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign. Retrieved April 11, 2018.", | |
"url": "https://www.fireeye.com/blog/threat-research/2018/03/iranian-threat-group-updates-ttps-in-spear-phishing-campaign.html" | |
}, | |
{ | |
"source_name": "Symantec MuddyWater Dec 2018", | |
"description": "Symantec DeepSight Adversary Intelligence Team. (2018, December 10). Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms. Retrieved December 14, 2018.", | |
"url": "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group" | |
} | |
], | |
"object_marking_refs": [ | |
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" | |
], | |
"x_mitre_domains": [ | |
"enterprise-attack" | |
], | |
"x_mitre_attack_spec_version": "3.1.0", | |
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" | |
} | |
] | |
} |