UDPGangster Campaigns Target Multiple Countries
Dec. 21, 2025, 6:55 p.m.
Description
UDPGangster, a UDP-based backdoor associated with the MuddyWater threat group, has been observed targeting users in Turkey, Israel, and Azerbaijan. The malware is delivered through malicious Microsoft Word documents with embedded VBA macros, employing sophisticated anti-analysis techniques to evade detection. The campaigns use phishing emails impersonating government entities and include decoy images to distract victims. UDPGangster installs persistence, collects system information, and communicates with its command and control server using UDP. The malware supports various commands for remote execution, file extraction, and payload deployment. Analysis reveals connections to previous MuddyWater operations and shared infrastructure with other known malware.
Tags
Date
- Created: Dec. 10, 2025, 9:44 a.m.
- Published: Dec. 10, 2025, 9:44 a.m.
- Modified: Dec. 21, 2025, 6:55 p.m.
Indicators
- d177cf65a17bffcd152c5397600950fc0f81f00990ab8a43d352f9a7238428a1
- 01b1073cb0480af3bde735f559898774e1a563e06f9fe56ec3845ea960da0f3c
- 3d3fbd586f61043ff04ab0369b913a161c0159425fb269d52b7d8d8a14838ece
- 232e979493da5329012022d3121300a4b00f813d5b0ecc98fdc3278d8f4e5a48
- b7276cad88103bdb3666025cf9e206b9fb3e66a6d934b66923150d7f23573b60
- bca7d23b072a2799d124977fdb8384325b30bb1d731741d84a1dfc5e3cf6ac26
- e84a5878ea14aa7e2c39d04ea7259d7a4ed7f666c67453a93b28358ccce57bc5
- b552e1ca3482ad4b37b1a50717ac577e1961d0be368b49fa1e4e462761ae6eeb
- 7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53
- 44deab99e22340fc654494cc4af2b2c27ef1942c6fea6eace9fb94ce7855c0ca
- fc4a7eed5cb18c52265622ac39a5cef31eec101c898b4016874458d2722ec430
- 13d36f3011ed372ad4ec4ace41a6dee52361f221161192cb49c08974c86d160e
- 157.20.182.75
- 64.7.198.12
- https://reminders.trahum.org/Scheduled_Internet_Outages.doc
Additional Information
- Government and administrations
- Israel
- Azerbaijan