Tag: bugsleep

2 attack reports | 0 vulnerabilities

Attack reports

Writing a BugSleep C2 server and detecting its traffic with Snort

Published: October 30, 2024

This analysis focuses on the BugSleep implant, also known as MuddyRot, a remote access tool that provides reverse shell and file I/O capabilities. The article details the process of reverse engineering BugSleep's protocol, creating a functional C2 server, and developing Snort rules for traffic dete…

Downloadable IOCs 0

rat
bugsleep
2024-10-30
reverse engineering
muddyrot
python server
c2 protocol
snort detection

New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns

Published: July 15, 2024

An Iranian threat group known as MuddyWater, affiliated with the Ministry of Intelligence and Security, has significantly intensified its operations targeting Israel, Saudi Arabia, Turkey, Azerbaijan, India, and Portugal in recent months. The group consistently utilizes phishing campaigns originati…

Downloadable IOCs 50

espionage
muddywater
2024-07-15
bugsleep

Writing a BugSleep C2 server and detecting its traffic with Snort

Published: October 30, 2024

This analysis focuses on the BugSleep implant, also known as MuddyRot, a remote access tool that provides reverse shell and file I/O capabilities. The article details the process of reverse engineering BugSleep's protocol, creating a functional C2 server, and developing Snort rules for traffic dete…

Downloadable IOCs 0

rat
bugsleep
2024-10-30
reverse engineering
muddyrot
python server
c2 protocol
snort detection

New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns

Published: July 15, 2024

An Iranian threat group known as MuddyWater, affiliated with the Ministry of Intelligence and Security, has significantly intensified its operations targeting Israel, Saudi Arabia, Turkey, Azerbaijan, India, and Portugal in recent months. The group consistently utilizes phishing campaigns originati…

Downloadable IOCs 50

espionage
muddywater
2024-07-15
bugsleep
» Click here to see all Attack Reports «