MuddyWater: Snakes by the riverbank
Jan. 5, 2026, 11:09 a.m.
Description
MuddyWater, an Iran-aligned cyberespionage group, has been targeting critical infrastructure in Israel and Egypt with custom malware and improved tactics. The campaign uses previously undocumented tools like the Fooder loader and MuddyViper backdoor to enhance defense evasion and persistence. Fooder masquerades as a Snake game and uses game-inspired techniques to hinder analysis. MuddyViper enables system information collection, file manipulation, and credential theft. The group also employs browser-data stealers and reverse tunneling tools. This campaign demonstrates MuddyWater's evolution towards more sophisticated and refined approaches, though traces of operational immaturity remain. The group continues to pose a significant threat, particularly to government, military, telecommunications, and critical infrastructure sectors in the Middle East.
Tags
Date
- Created: Jan. 3, 2026, 11:05 a.m.
- Published: Jan. 3, 2026, 11:05 a.m.
- Modified: Jan. 5, 2026, 11:09 a.m.
Indicators
- ed15c8344b45daed1e0578f8bc1a32411812c61f4cb45d89b107287de0e09ffc
- 6969697820511281801712341067111416133321394945138510872296106446
- 9262a37df166ac1d5f582aac79f54ccb47623bfd9ba001228d284ae13a08f52f
- 0608101047106453101617106423101013101012101083109710108585106969
- 206.71.149.51
- 194.11.246.101
- 212.232.22.136
- 157.20.182.45
- 194.11.246.78
Attack Patterns
- LP-Notes
- MuddyViper
- Blub
- go-socks5
- Fooder
- CE-Notes
- MuddyWater
Additional Information
- Energy
- Education
- Manufacturing
- Transport
- Telecommunications
- Government and administrations
- Defense
- Technologies
- processplanet.org
- Egypt
- Israel