PhonyC2 (c6fc073b-fa8a-4fff-a066-3fd788d3ac85)
PhonyC2 is a command and control framework attributed to the MuddyWater group. Researchers believe the tool has existed since at least 2021 and has been regularly updated since that time. PhonyC2 is believed to have been used in a 2023 attack on an institute of technology in Israel, as well as in a MuddyWater campaign beginning in May 2023 that featured exploitation of a vulnerability in PaperCut print management software (CVE-2023-27350).[Deep Instinct PhonyC2 June 2023]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| MuddyWater (dcb260d8-9d53-404f-9ff5-dbee2c6effe6) | Tidal Groups | PhonyC2 (c6fc073b-fa8a-4fff-a066-3fd788d3ac85) | Tidal Software | 1 |