MuddyWater Earth Vetala
MuddyWater campaign using ScreenConnect and RemoteUtilities for persistent access across Middle East and Asia.
Start date: 1 March 2021
End date: —
Techniques: 16
Attributed actors
Techniques (16)

collection (1)
  T1113 Screen Capture

command-and-control (2)
  T1105 Ingress Tool Transfer
  T1071.001 Web Protocols

discovery (2)
  T1082 System Information Discovery
  T1083 File and Directory Discovery

execution (3)
  T1059.003 Windows Command Shell
  T1059.001 PowerShell
  T1053.005 Scheduled Task

exfiltration (1)
  T1041 Exfiltration Over C2 Channel

initial-access (3)
  T1078 Valid Accounts
  T1133 External Remote Services
  T1566.001 Spearphishing Attachment

lateral-movement (1)
  T1021.001 Remote Desktop Protocol

persistence (4)
  T1078 Valid Accounts
  T1547.001 Registry Run Keys / Startup Folder
  T1133 External Remote Services
  T1053.005 Scheduled Task

privilege-escalation (3)
  T1078 Valid Accounts
  T1547.001 Registry Run Keys / Startup Folder
  T1053.005 Scheduled Task

stealth (3)
  T1078 Valid Accounts
  T1070.004 File Deletion
  T1027 Obfuscated Files or Information
Indicators of compromise
No IOCs linked to this campaign yet.