In case anyone needs them: These are some IOCs associated with current events.
Most are dated, but may give you a starting point in your threat hunts.