Weekly Threat Briefing: APT Activity, Chrome 0-Day, MuddyWater, and More

The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: 0-Day, Data breach, NetSupport Manager RAT, Roaming Mantis, Sea Turtle, and Trickbot. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.

Observed Threats

Additional information regarding the threats discussed in this week's Weekly Threat Briefing can be found below:


Researchers from Palo Alto Networks and FireEye found that the Advanced Persistent Threat (APT) group "MuddyWater" has been active since at least February 2017. The group was initially dubbed "TEMP.Zagros" by FireEye and was suspected of being connected to the financially motivated group "FIN7"; however, researchers determined that the group is Iranian-based, with espionage as its main motivation. The group invests significant time in profiling its targets and uses social engineering techniques to deliver weaponised Word documents containing malicious macros. It is well equipped with a range of post-exploitation tools that it developed itself. These tactics show that the actor is a sophisticated threat to organisations.
