MuddyWater Exposed: Inside an Iranian APT operation
ID: 1b6b107f-f6e3-58ba-8aa2-66cfb326c52e
STIX ID: report--1b6b107f-f6e3-58ba-8aa2-66cfb326c52e
Feed Name: Ctrl-Alt-Int3l
Ctrl-Alt-Intel uncovered exposed infrastructure and operational artifacts belonging to MuddyWater, an Iranian APT. The recovered material includes multiple custom C2 frameworks, malware loaders (among them a Node.js/Ethereum-based Tsundere bot), exploitation tooling for numerous CVEs in Fortinet, Ivanti and Exchange products, among others, and evidence of data exfiltration affecting organizations across Israel, Jordan, Egypt, the UAE, Portugal and the US. The report provides IOCs, MITRE ATT&CK mappings and attribution rationale.
