Discover and read the best of Twitter Threads about #MuddyWater

1/ New #MuddyWater 🇮🇷 Infra detected; moves to #Metasploit and #HPAnywhere/#Teradici tool added?

@GroupIB_TI released a great report detailing MuddyWater’s use of SimpleHelp Remote Support Software. They tracked the #APT's infrastructure using Etags.

Let's take a look! 🧠👇👇
2/ First Etag(153): 🔟 results.

First IP of interest: 👉 164.132.237[.]67

If we now pivot on the SSH hash, we match on another IP:

👉 3.6.222[.]144.

Looking at this IP, the SSL certificate presented mentions O=Teradici Corporation...
3/ Teradici (now HP Anywhere) allows for remote access to machines from any PCoIP client. 💻⬅️🌐⬅️💻

Indicating that MuddyWater may also be using HP’s Anywhere/Teradici as well as SimpleHelp? 🧐
Correlation or causation? 1>A friend who's a notary watches you, your #hoochiecoochie, & 2 other friends sign your marriage license between classes. 2>You celebrate the 18th anniversary of a #HappyMarriage that's withstood #bangBANGkaBOOM daily #migraine.
#JamesCotton plays harp on Muddy's Hoochie Coochie. We opened for Cotton when he toured his 1996 Grammy-winning solo album. I only played the 1st set. We were on break when Cotton came in & I handed off my #bass so I could hang out with--are you kidding?--James COTTON. #blues
I can't tweet #MuddyWater's Hoochie Coochie without tweeting #WillieDixon's original. He wrote it in 1954. #blues
In response to increased U.S.-Iran tensions & concerns of retaliatory cyber attacks, Iranian intrusion experts @sj94356 & @QW5kcmV3 are on #StateOfTheHack for the latest on all things Iran: #APT33 #APT34 #APT35 #APT39 #MuddyWater & active UNC groups 🇮🇷👨‍💻🕵️‍♂️
@sj94356 @QW5kcmV3 Wait, did @YouTube remove the #StateOfTheHack episode? 👉 feye.io/soth 👀
Are we being oppressed? Do they think this is a U.S.-Iran influence operation? ... is it? 🇺🇸🇮🇷 Am I going to get a bunch of weird #MAGA replies to this tweet? I have so many questions 😅🙃
For more information on mitigations as well as our public source material supporting the discussion from the show, please check out:
• APT33 graduation: fireeye.com/blog/threat-re…
brighttalk.com/webcast/10703/…
• APT33 webinar & examples: fireeye.com/blog/threat-re…
... (more below)