![[Image: 181009-muddywater-1.png]](https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/10/09144342/181009-muddywater-1.png)
Full reading: https://securelist.com/muddywater/88059/
- Summary
- Decoy images by country
  - Jordan
  - Turkey
  - Saudi Arabia
  - Azerbaijan
  - Iraq
  - Pakistan
  - Afghanistan
- Technical details
  - The initial infection vector
  - The macro payload analysis, dropped files and registry keys
    - Case 1: INF, SCT and text files dropped by the macro
    - Case 2: VBS and text files dropped by the macro
  - The PowerShell code
  - CnC communication
  - Victim system reconnaissance
  - Supported commands
- Victimology
- Attacker deception and attribution
- Recommendations for organizations
- Conclusion
- Additional information
- Indicators of compromise
  - MD5
  - File names
  - Domains, URLs and IP addresses