MuddyWater: Snakes by the riverbank

ID: 57ebad0f-86fa-5a07-a69a-b0fb2a5ac25a

STIX ID: report--57ebad0f-86fa-5a07-a69a-b0fb2a5ac25a

Feed Name: WeLiveSecurity (ESET Research)

Threat Score
88/100

Date Published: 2025-12-02

Date Updated: 2026-05-01

ESET documents a MuddyWater (Iran-aligned) espionage campaign that deployed previously undocumented tooling — notably the Fooder reflective loader (masquerading as a Snake game) and the MuddyViper C/C++ backdoor — alongside credential and browser stealers (CE-Notes, LP-Notes, Blub) and go-socks5 reverse tunnels; the report details techniques (CNG-based encryption, reflective loading, sleep-based sandbox evasion), victimology (primarily Israeli organizations, one in Egypt), MITRE ATT&CK mappings, and a comprehensive list of file and network IoCs for detection and response.