← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
MuddyWater Iran APT - Israel/Egypt Critical Infrastructure (ESET Nov 2025)
WHITE MuddyWater pduggusa 2025-12-03 Modified: 2026-01-02
7
IOCs
LOW VOLUME
Fresh MuddyWater IOCs from ESET research Nov 26, 2025. Iranian state-sponsored APT targeting critical infrastructure in Israel and Egypt. Uses Fooder launcher, Blub browser-data stealer, CE-Notes/LP-Notes credential stealers, MuddyViper backdoor, go-socks5 reverse tunnels. Curated by DugganUSA LLC.
muddywateriranaptisraelegyptcritical-infrastructureeset
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (7)
All domain hostname FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
domain processplanet.org MuddyWater staging and C&C 2025-12-03
domain magicallyday.com MuddyWater C&C server 2025-12-03
hostname api.tikavodot.co.il MuddyWater C&C (Israeli domain!) 2025-12-03
FileHash-SHA1 76632910cf67697bf5d7285fae38bfcf438ec082 OsUpdater.exe - Fooder launcher 2025-12-03
FileHash-SHA1 1723d5ea7185d2e339fa9529d245daa5d5c9a932 Blub.exe - Browser data stealer 2025-12-03
FileHash-SHA1 8e21de54638a79d8489c59d958b23fe22e90944a CE-Notes browser stealer 2025-12-03
FileHash-SHA1 007b5cd6d6acf972f7743f79e23cab9bb2ecbee3 Dsync-es.exe - Mimikatz loader 2025-12-03
References (1)
↗ https://www.welivesecurity.com