UDPGangster Campaigns Target Multiple Countries
ID: e99cd94a-0974-5178-a475-4c011337d866
STIX ID: report--e99cd94a-0974-5178-a475-4c011337d866
Feed Name: Fortinet Blog
FortiGuard Labs details UDPGangster, a UDP-based backdoor used in targeted phishing campaigns attributed to the MuddyWater group that delivered the malware via macro-enabled Microsoft Word documents targeting Turkey, Israel, and Azerbaijan. The report describes the macro dropper, persistence (copying to %AppData%\RoamingLow as SystemProc.exe and registry startup), numerous anti-analysis and sandbox-detection techniques, C2 communication (notably 157.20.182.75:1269), supported remote commands, and provides IOCs and Fortinet detection/mitigation recommendations.
