ctipilot.ch

MuddyWater

actor · actor:muddywater single-source

Iran MOIS-linked APT active against European and Middle-Eastern targets; 2026 pipeline coverage documents a Chaos-ransomware false-flag with Teams credential harvesting and a Q1 2026 DLL side-loading campaign abusing signed Fortemedia/SentinelOne binaries with ChromElevator ABE bypass (Symantec).

Aliases: Seedworm

Coverage timeline
5
first 2026-05-04 → last 2026-07-09
Peak priority
notable
5 notable
Sources cited
9
9 hosts
Sections touched
4
active-threats, research, weekly-annual-reports
Co-occurring entities
10
see Related entities below
2026-05-045 appearances2026-07-09

Story timeline

  1. 2026-07-09Check Point: Iran MOIS-linked "Cavern Manticore" ships a modular .NET C2 that uses three compilation formats as an anti-analysis layer, delivered via SysAid RMM abuse
    active-threatsCavern Manticore's C2 splits across IL, Mixed-Mode and NativeAOT binaries to break RE toolchains — pushed through SysAid's legitimate deployment feature
  2. 2026-05-28MuddyWater / Seedworm — Symantec and Carbon Black document new DLL-side-loading pair via signed Fortemedia and SentinelOne binaries, ChromElevator for Chromium App-Bound Encryption bypass, Node.js orchestration
    researchMuddyWater / Seedworm — Symantec and Carbon Black document new DLL-side-loading pair via signed Fortemedia and SentinelOne binaries, ChromElevator for Chromium
  3. 2026-05-08MuddyWater (Iran/MOIS) deploys Chaos ransomware as false flag; harvests credentials via Teams
    active-threats
  4. 2026-05-04MuddyWater (Iran / MOIS) Chaos ransomware false-flag + Teams BEC
    weekly-long-running
  5. 2026-05-04Mandiant M-Trends 2026
    weekly-annual-reports

Where this entity is cited

  • active-threats2
  • weekly-annual-reports1
  • weekly-long-running1
  • research1

Source distribution

  • bleepingcomputer.com1 (11%)
  • cloud.google.com1 (11%)
  • deepinstinct.com1 (11%)
  • industrialcyber.co1 (11%)
  • rapid7.com1 (11%)
  • research.checkpoint.com1 (11%)
  • security.com1 (11%)
  • securityweek.com1 (11%)
  • other1 (11%)

Related entities

All cited sources (9)

Entries about MuddyWater (5)

2026-07-09 · view entry permalink →

NOTABLE

Check Point: Iran MOIS-linked "Cavern Manticore" ships a modular .NET C2 that uses three compilation formats as an anti-analysis layer, delivered via SysAid RMM abuse

Check Point Research documented Cavern Manticore, an Iran MOIS-linked APT it assesses shares technical and infrastructure overlap with MuddyWater and OilRig's Lyceum subgroup, targeting Israeli government and IT-sector organisations (Check Point Research, 2026-07-06). Its namesake framework, Cavern, is a modular post-exploitation .NET C2 whose components are deliberately compiled into three different binary formats: pure IL-only .NET (the mhm.dll file-ops/DPAPI-decrypt module, db.dll SQL browser, ode.dll LDAP/AD-recon module), Mixed-Mode C++/CLI IL+native (the uxtheme.dll Cavern Agent core), and .NET 8 NativeAOT native-only (n-HTCommp.dll HTTPS/WebSocket transport, n-ten.dll network recon/SMB brute-force, n-sws.dll SOCKS5/WSS tunnel). The compilation-format diversity is itself the anti-analysis layer: each format demands a different reverse-engineering toolchain, and NativeAOT strips framework symbols and resolves security-sensitive P/Invoke calls (WNetAddConnection2, NetShareEnum, NetLocalGroupGetMembers) through runtime descriptor tables rather than the PE import table, hiding capability from import-based triage (Check Point Research, 2026-07-06).

Delivery is the transferable part: the actor abused SysAid's legitimate software-update/deployment feature — not a SysAid vulnerability — to push a WinDirStat DLL-sideloading package that loads the trojanized uxtheme.dll as the Cavern Agent, which exports 83 functions mimicking the real Windows theming library (82 empty stubs; the one live export, EnableThemeDialogTexture, is the C2 entry point) — a sandbox trap for automated analysis that only invokes default exports. Each loaded module is isolated in its own .NET AppDomain via a MarshalByRefObject proxy so modules can be unloaded cleanly after use, leaving minimal forensic residue; most samples score zero or near-zero on VirusTotal. ATT&CK: T1574.002 DLL Side-Loading, T1027 Obfuscated Files or Information (via compilation-format diversity), T1620 Reflective Code Loading (AppDomain-isolated modules), T1219 Remote Access Software (SysAid deployment abuse).

Cavern Manticore is an Iran MOIS (Ministry of Intelligence and Security)-linked actor, with links to the OilRig subgroup named Lyceum

the compilation format itself becomes the anti-analysis layer, since each of the three formats has to be reversed with a different toolchain

SysAid was not compromised, and no SysAid vulnerability was involved. The attacker had already gained access to the victim environment and abused a legitimate software-deployment feature

Check Point Research 2026-07-06
threat09 Jul 04:32Zsingle-sourceOpen finding ↗

2026-05-28 · view entry permalink →

NOTABLE

MuddyWater / Seedworm — Symantec and Carbon Black document new DLL-side-loading pair via signed Fortemedia and SentinelOne binaries, ChromElevator for Chromium App-Bound Encryption bypass, Node.js orchestration

Symantec's Threat Hunter Team and Broadcom's Carbon Black published findings on 2026-05-12 documenting a Q1 2026 MuddyWater (a.k.a. Seedworm, Static Kitten, MERCURY, TEMP.Zagros — attributed to Iran's Ministry of Intelligence and Security) espionage campaign across at least nine organisations on four continents. The story re-surfaced this run via fresh aggregator coverage on 2026-05-26 (The Hacker News) — included in window on that basis. Named victim categories include industrial and electronics manufacturing, education and public-sector bodies, financial services, and an international airport in the Middle East (Symantec / Broadcom Threat Intelligence, 2026-05-12; The Hacker News, 2026-05-26; Industrial Cyber, 2026-05-13).

The differentiating TTPs from prior MuddyWater coverage are twofold. First, DLL side-loading via two pairs of legitimately signed third-party binaries: Fortemedia audio-driver binary fmapp.exe side-loading a malicious fmapp.dll; SentinelOne's sentinelmemoryscanner.exe side-loading a rogue sentinelagentcore.dll — abuse of a signed security-product binary specifically chosen to bypass signature-based detection. Both malicious DLLs embed ChromElevator, an open-source post-exploitation tool that bypasses Chromium App-Bound Encryption to extract passwords, cookies and payment-card data without triggering AV. Second, orchestration moved to Node.js: node.exe appears as a parent-process ancestor of cmd.exe before any operator commands — i.e. a Node.js script (not a human operator) drives the kill chain. PowerShell scripts pulled from a staging server perform discovery (T1087, T1482), screenshot capture, SAM-hive theft via VSS (T1003.002), and SOCKS5 reverse-proxy tunnelling (T1090.003). A credential harvester calls CredUIPromptForWindowsCredentialsW to display a Windows security dialogue and trick targets into entering credentials. A Kerberos TGT extractor via GSS-API was also observed.

Why it matters to us: signed-binary side-loading abusing a security-product binary is the highest-value evasion class — signature-based controls are bypassed by design. Detection: Sysmon EID 7 image-loads from fmapp.exe or sentinelmemoryscanner.exe outside their expected installation directories; alert on node.exe as a parent of cmd.exe or powershell.exe -enc in non-developer environments; flag CredUIPromptForWindowsCredentialsW calls from non-standard parents. Hardening: AppLocker / WDAC enforcing signed-and-known-path DLL loads; restrict node.exe execution to development OUs.

research28 May 05:00Zmulti-sourceOpen finding ↗

2026-05-08 · view entry permalink →

NOTABLE

MuddyWater (Iran/MOIS) deploys Chaos ransomware as false flag; harvests credentials via Teams

Security researchers documented a refreshed campaign by MuddyWater (attributed to Iran's Ministry of Intelligence and Security, MOIS), targeting government contractors and defence-adjacent organisations in Europe and the Middle East. The campaign deploys Chaos ransomware payloads with branding designed to mimic criminal ransomware groups — a deliberate false-flag technique intended to complicate attribution and delay incident response triage. A parallel social-engineering vector uses Microsoft Teams external-access invitations to gain remote-assistance sessions under a helpdesk pretext, after which credentials are harvested and used for further access via legitimate cloud services. Observed ATT&CK techniques: T1566.004 (Spearphishing via Teams), T1649 (Steal or Forge Authentication Certificates), T1486 (Data Encrypted for Impact). This is a single-source threat-intelligence vendor disclosure.

threat08 May 05:00Zsingle-sourceOpen finding ↗

Earlier coverage (2)