Kaspersky Security has taken a deep dive into the MuddyWater APT, which targets governmental and telco targets in the Middle East. The group uses a variety of tools and techniques, mostly developed by the group itself in Python, C# and PowerShell. Examples of such tools include multiple download/execute tools and RATs in C# and Python, an SSH Python script, and multiple Python tools for extraction of credentials, history and more. Muddy is another LaZagne-based script that extracts credentials from mail clients and browsers. The group uses weaponized macro-enabled Office 97-2003 Word documents.
Source: https://www.darkreading.com/abtv/muddywater-the-dissection-of-an-apt/a/d-id/751221

