Discover and read the best of Twitter Threads about #Teradici

Most recents (1)

Profile picture
Joshua Penny
@josh_penny
1/ New #MuddyWater 🇮🇷Infra detected; moves to #Metasploit and #HPAnywhere/#Teradici tool added?

@GroupIB_TI released a great report detailing MuddyWater’s use of SimpleHelp Remote Support Software. They tracked the #APT's infrastructure using Etags.

Let's take a look! 🧐 👇👇 Image
2/ First Etag(153): 🔟results.

First IP of interest: 👉164.132.237[.]67

If we now pivot on the SSH hash, we match on another IP:

👉3.6.222[.]144.

Looking at this IP, the SSL certificate presented mentions O=Teradici Corporation... Image
3/ Teradici (now HP Anywhere) allows for remote access to machines from any PCoIP client. 💻⬅️🌐⬅️💻

Indicating that MuddyWater may also be using HP’s Anywhere/Teradici as well as SimpleHelp?🧐 Image
Read 12 tweets

Related hashtags

#APT #Metasploit #MuddyWater #HPAnywhere #Teradici

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!