TY  - JOUR
TI  - MuddyWater APT Group and A Methodology Proposal for Macro Malware Analysis
AB  - Macros are consisted of instructions and commands mainly used to automate tasks, embed functionality andprovide customization of Microsoft Office documents. However, they have been exploited by malicious hackers bycreating malware since they were introduced. Recently, Advanced Persistent Threat (APT) Groups have generally usedmacros as attack vectors as well. Since 2017, Middle Eastern countries’ governmental institutions, and strategicallyimportant oil, telecommunication and energy companies have been targeted by the APT Group probably affiliated withIran, and the group is named as MuddyWater by analysts due to the techniques they utilized to cover their tracks. Thegroup has generally conducted attacks via macro malware. In this work, we aimed to raise awareness regardingMuddyWater APT Group and provide a detailed methodology for analyzing macro malware. The attributions, strategy,attack vectors, and the infection chain of MuddyWater APT Group have been explained. In addition, a maliciousdocument, targeting Turkey and Qatar, detected first on 27 November 2018 have been analyzed, findings and proposalshave been presented for cybersecurity professionals.
AU  - Çeliktaş, Barış
AU  - TOK, Mevlut Serkan
DO  - 10.17671/gazibtd.512800
PY  - 2019
JO  - Bilişim Teknolojileri Dergisi
VL  - 12
IS  - 3
SN  - 1307-9697
SP  - 253
EP  - 263
DB  - TRDizin
UR  - http://search/yayin/detay/375901
ER  -