PULSE NAME
IOC - MuddyWater: Snakes by the riverbank
WHITE celestre 2025-12-03 Modified: 2026-01-02
68 IOCs
HIGH VOLUME
ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, is an Iran-aligned cyberespionage group known for its persistent targeting of government and critical infrastructure sectors, often leveraging custom malware and publicly available tools.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
MuddyWater MuddyViper
Indicators of Compromise (68)