UDPGangster Backdoor Analysis

Analyzing UDPGangster: A New Backdoor from Iran's MuddyWater

Welcome to my latest malware analysis! After exploring the Dropping Elephant APT group, I wanted to look at another threat actor active in the Middle East: the Iranian-linked group MuddyWater, specifically their UDPGangster campaign.

I started by searching MalwareBazaar for APT samples and found one tagged "UDPGangster" with SHA-256 hash 7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53. It is a Microsoft Word document, which makes it a good specimen for analyzing a phishing campaign. Let's dig in…

Part 1: Malicious Document Analysis – VBA Macros & Payload

I examined the document's structure with oledump. The output showed three streams flagged M, oledump's marker for streams that contain VBA macro code and therefore the first place to look for the malicious logic. ...
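What the M marker rests on, as an added example that is not code from the original post, from oledump or from the sample: module streams in a VBA project store their source in the MS-OVBA compressed container format, and oledump's -v option decompresses it. The block below implements that decompression (with the bounds check a hostile stream needs), a small greedy compressor used only to build input, and a locator for the container inside a module stream. The locator heuristic, the SAMPLE_SOURCE macro and the FAKE_CACHE bytes are constructed assumptions of mine, not anything taken from the UDPGangster document.

```python
# Added example (not code from the original post, oledump or the malware): the
# MS-OVBA compression ([MS-OVBA] 2.4.1) that VBA module source is stored with.
import struct

CHUNK = 4096      # a DecompressedChunk holds at most 4096 bytes
SIGNATURE = 0x01  # first byte of every CompressedContainer

def copy_token_params(difference):
    """CopyToken bit split; depends on bytes already produced in this chunk."""
    bit_count = max((difference - 1).bit_length(), 4)   # ceil(log2 diff), min 4
    length_mask = 0xFFFF >> bit_count
    return bit_count, length_mask, length_mask + 3       # last item: max length

def decompress(container):
    """CompressedContainer -> VBA source bytes (what oledump -v prints)."""
    if not container or container[0] != SIGNATURE:
        raise ValueError("missing CompressedContainer signature 0x01")
    out, pos = bytearray(), 1
    while pos < len(container):
        header = struct.unpack_from("<H", container, pos)[0]
        if (header >> 12) & 0x7 != 0b011:
            raise ValueError("bad CompressedChunkSignature at %d" % pos)
        chunk_end = min(len(container), pos + (header & 0x0FFF) + 3)
        pos, dec_start = pos + 2, len(out)
        if not header & 0x8000:               # RawChunk: 4096 literal bytes
            out += container[pos:pos + CHUNK]
            pos += CHUNK                      # lands on chunk_end, loop below idles
        while pos < chunk_end:                # CompressedChunk: TokenSequences
            flags, pos = container[pos], pos + 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not (flags >> bit) & 1:    # LiteralToken: one plain byte
                    out.append(container[pos])
                    pos += 1
                    continue
                token = struct.unpack_from("<H", container, pos)[0]  # CopyToken
                pos += 2
                bit_count, length_mask, _ = copy_token_params(len(out) - dec_start)
                length = (token & length_mask) + 3
                src = len(out) - ((token >> (16 - bit_count)) + 1)
                if src < dec_start:           # malformed or hostile input check
                    raise ValueError("CopyToken points before the chunk start")
                for i in range(length):       # byte-wise, so copies may overlap
                    out.append(out[src + i])
    return bytes(out)

def compress(data):
    """Greedy longest-match compressor, used here only to build test input."""
    container = bytearray([SIGNATURE])
    for base in range(0, len(data), CHUNK):
        chunk, body, pos = data[base:base + CHUNK], bytearray(), 0
        while pos < len(chunk):
            flags, tokens = 0, bytearray()
            for bit in range(8):
                if pos >= len(chunk):
                    break
                bit_count, _, max_len = copy_token_params(pos)
                best = (0, 0)                                 # (length, offset)
                for off in range(1, min(pos, 1 << bit_count) + 1):
                    n = 0
                    while (n < max_len and pos + n < len(chunk)
                           and chunk[pos + n] == chunk[pos - off + n]):
                        n += 1
                    best = max(best, (n, off))
                if best[0] >= 3:                              # worth a CopyToken
                    flags |= 1 << bit
                    tokens += struct.pack("<H", ((best[1] - 1) << (16 - bit_count)) | (best[0] - 3))
                    pos += best[0]
                else:
                    tokens.append(chunk[pos])
                    pos += 1
            body += bytes([flags]) + tokens
        assert len(body) <= CHUNK, "incompressible chunk: a RawChunk would be needed"
        container += struct.pack("<H", 0xB000 | (len(body) - 1)) + body  # 1|011|size
    return bytes(container)

def find_vba_source(stream):
    """Locate the container in a module stream: every module starts with
    'Attribute VB_Name', which compresses to a 0x00 flag byte plus b'Attribut'
    three bytes after the signature (assumption: an oledump-like heuristic)."""
    idx = stream.find(b"\x00Attribut")
    while idx != -1:
        if idx >= 3 and stream[idx - 3] == SIGNATURE:
            return idx - 3
        idx = stream.find(b"\x00Attribut", idx + 1)
    return -1

# Constructed sample: a small AutoOpen macro behind 16 junk "PerformanceCache" bytes.
SAMPLE_SOURCE = (b'Attribute VB_Name = "Module1"\r\nSub AutoOpen()\r\n'
                 b'    Set objShell = CreateObject("WScript.Shell")\r\n'
                 b'    objShell.Run "calc.exe", 0\r\nEnd Sub\r\n')
FAKE_CACHE = bytes(range(16))

def extract_macro_source(stream):
    """The analyst's goal for an M stream: the decompressed macro source."""
    start = find_vba_source(stream)
    return None if start == -1 else decompress(stream[start:])
```

Calling extract_macro_source(FAKE_CACHE + compress(SAMPLE_SOURCE)) returns the macro text; on a real document the input is the bytes of one module stream under the VBA storage, the same stream that oledump.py -s <n> -v decompresses for you. Two details matter when the input comes from a suspicious file: the signature and chunk-signature checks reject data that is not a container at all, and the CopyToken offset check stops a crafted stream from reading before the start of the current chunk.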

December 17, 2025 · 6 min · 1150 words · Ayoub Nait Lamine