Update Muddy Water flow to better match the examples in the best prac…

…tices guide
center-for-threat-informed-defense · Jan 24, 2024 · 40e57a0 · 40e57a0
1 parent 8ff75c9
commit 40e57a0
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 2 deletions.
diff --git a/corpus/Muddy Water.afb b/corpus/Muddy Water.afb
diff --git a/docs/_static/IngressTool.png b/docs/_static/IngressTool.png
diff --git a/docs/_static/VBAMacros.png b/docs/_static/VBAMacros.png
diff --git a/docs/best_practices.rst b/docs/best_practices.rst
@@ -136,7 +136,10 @@ This section works through an example of mapping a report to illustrate the proc
 report used is from Cisco Talos: `"Iranian APT MuddyWater targets Turkish users via
 malicious PDFs, executables"
 <https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html>`_.
-The corresponding attack flow can be found in :doc:`example_flows`.
+The corresponding "Muddy Water" Attack Flow can be found in :doc:`example_flows`. The
+"Muddy Water" Attack Flow has some additional details and depicts two variants of the
+Muddy Water beahvior. This section is based on the older variant of Muddy Water
+campaigns.
 
 **Initial Access**