Another C# RAT, named LisfonService, is among the weapons used by the criminal group MuddyWater to attack governmental organizations in the Middle East. It is used to select a URL from countless hardcoded proxy URLs, concealing the legitimate C2 server, and its final task is to register the targeted victims with the C2 by collecting their workgroup names, user names, domain, public IP address, and OS version and build. The information is then stored for future use, since it can allow the attackers to solicit C2 commands such as rendering the system inoperable or executing PowerShell code.
MuddyWater uses various RATs and tools in its attacks, and LisfonService is only one item in that arsenal. It serves the criminals' goal of collecting crucial information from their targets. Criminal groups that develop threats like LisfonService can be threatening, and it seems that they are growing in number lately. However, a well-protected machine can block attacks like the ones executed by MuddyWater.