MuddyWater
MITRE G0069
Also known as Seedworm, TEMP.Zagros, Static Kitten, Mango Sandstorm, TA450
Reports
13
First seen
Nov 6
Last seen
Jun 10
Motivation
espionage, initial-access, cyberespionage
Targeting
Sectors
other ×6
Victim regions
Israel ×2, United States ×1
Top ATT&CK techniques
T1566 Phishing ×8, T1190 Exploit Public-Facing Application ×7, T1219 Remote Access Software ×4, T1087 Account Discovery ×4, T1059 Command and Scripting Interpreter ×4, T1486 Data Encrypted for Impact ×4, T1566.002 Phishing: Spearphishing Link ×4, T1003 OS Credential Dumping ×3, T1133 External Remote Services ×3, T1078 Valid Accounts ×3, T1598 Phishing for Information ×3, T1561 Disk Wipe ×3
Indicators
filename ×34, cve ×28, ip_v4 ×16, hash_sha256 ×6, domain ×4, registry_key ×3, hash_md5 ×2, url ×1, hash_sha1 ×1
Associated CVEs
CVE-2026-33017 (exploited), CVE-2026-0770 (exploited), CVE-2025-34291 (exploited), CVE-2026-5027 (exploited), CVE-2026-21445 (exploited), CVE-2025-55182 (exploited), CVE-2025-59718 (exploited), CVE-2025-59719 (exploited), CVE-2026-0300 (exploited), CVE-2026-20230 (exploited), CVE-2026-22719 (exploited), CVE-2026-28318 (exploited), CVE-2026-34926 (exploited), CVE-2026-41089 (exploited), CVE-2026-4670, CVE-2026-5174, CVE-2020-12812 (exploited), CVE-2026-6973 (exploited), CVE-2025-14174 (exploited), CVE-2025-3248 (exploited)
Recent reports
High