IOC pivot
ioc · ipv4
95[.]181[.]161[.]49
country · IR (Iran)
actor · MuddyWater
confidence · high
Adversary-controlled C2 address hard-coded in the newly identified MuddyWater PowerShell backdoor sample described in CISA AA22-055A. The script obfuscates its traffic with a single-byte XOR key (0x02), which is trivially reversible from captured traffic alone, and beacons over HTTP to /index.php carrying a victim identifier.
- family: POWERSTATS
- first seen: Feb 23, 2022
- publisher: CISA
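Triage helpers for the behaviour this card describes, as an added example rather than code from the advisory or from the backdoor sample: refang the defanged indicator, reverse the single-byte XOR (key 0x02) on a captured beacon body, flag proxy-log contacts with the C2 IP and the /index.php check-in path, and measure the check-in cadence for pivoting to other hosts. The beacon body layout ("id=<host>|<user>") and the proxy-log format are assumptions invented for illustration; the card and advisory state only that a victim identifier is sent.

```python
"""
Triage helpers for the C2 behaviour on this card (CISA AA22-055A MuddyWater
PowerShell backdoor): single-byte XOR (key 0x02) over the HTTP body, beacons
to /index.php on the C2 carrying a victim identifier.

Added example, not code from the advisory or the backdoor. ASSUMPTIONS: the
beacon body layout "id=<host>|<user>" and the proxy-log format are invented
for illustration; the card only says a victim identifier is sent.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from urllib.parse import urlsplit

C2_IP = "95.181.161.49"
C2_PATH = "/index.php"
XOR_KEY = 0x02


def refang(ioc: str) -> str:
    """Turn a defanged indicator such as 95[.]181[.]161[.]49 into a matchable string."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def xor_single_byte(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with one key byte. Symmetric: the same call encodes and
    decodes, so a captured body can be read back without the sample's source."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must be a single byte")
    return bytes(b ^ key for b in data)


# Constructed ciphertext: the assumed plaintext "id=WKSTN-17|user1" after XOR 0x02.
SAMPLE_BEACON_BODY = b"kf?UIQVL/35~wqgp3"


def decode_beacon(body: bytes) -> str:
    """Recover the victim identifier string from a captured beacon body."""
    return xor_single_byte(body).decode("ascii", errors="replace")


# Constructed proxy log (timestamp, client, method, URL, status, bytes). Not real telemetry.
SAMPLE_PROXY_LOG = """\
2022-02-23T10:12:01Z 10.0.4.17 POST http://95.181.161.49/index.php 200 312
2022-02-23T10:12:03Z 10.0.4.17 GET http://93.184.216.34/index.html 200 1256
2022-02-23T10:17:01Z 10.0.4.17 POST http://95.181.161.49/index.php 200 298
2022-02-23T10:20:44Z 10.0.4.22 GET http://95.181.161.49:443/favicon.ico 404 0
2022-02-23T10:22:01Z 10.0.4.17 POST http://95.181.161.49/index.php 200 305
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) (?P<bytes>\d+)$"
)


@dataclass
class Contact:
    ts: str
    src: str
    method: str
    url: str
    beacon_path: bool  # True when the path matches the documented /index.php check-in


def find_c2_contacts(log_text: str) -> list[Contact]:
    """Flag every request to the C2 IP; mark those that also hit /index.php.

    Any contact with the address deserves a look; the /index.php ones match the
    documented beacon and are the stronger signal. urlsplit().hostname strips a
    port, so host:443 variants are caught too.
    """
    contacts: list[Contact] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        if parts.hostname == C2_IP:
            contacts.append(Contact(m["ts"], m["src"], m["method"], m["url"], parts.path == C2_PATH))
    return contacts


def beacon_intervals(contacts: list[Contact]) -> dict[str, list[int]]:
    """Seconds between consecutive /index.php beacons per source host.

    A steady interval is the cadence a hunter looks for when pivoting from the
    IP to other hosts checking in on the same schedule.
    """
    times: dict[str, list[datetime]] = defaultdict(list)
    for c in contacts:
        if c.beacon_path:
            times[c.src].append(datetime.fromisoformat(c.ts.replace("Z", "+00:00")))
    return {src: [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])] for src, ts in times.items()}


if __name__ == "__main__":
    print("decoded beacon body:", decode_beacon(SAMPLE_BEACON_BODY))
    hits = find_c2_contacts(SAMPLE_PROXY_LOG)
    for h in hits:
        print("BEACON " if h.beacon_path else "contact", h.ts, h.src, h.method, h.url)
    print("intervals:", beacon_intervals(hits))
```

Because the XOR is a single byte, the same routine both encodes and decodes, so the key can be confirmed against any captured body by checking that the output is a readable identifier; the 0x02 value here is taken from the card, not recovered. The favicon.ico request in the constructed log shows why host-level matching is kept alongside the path check: it is not the documented beacon, but any contact with a known C2 address belongs in the triage queue.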