Attacks by Iranian state-backed threat group MuddyWater, also known as Mango Sandstorm and Mercury, against Israeli research institute Technion, as well as PaperCut servers have involved the utilization of the PhonyC2 post-exploitation command-and-control framework.
Article Link: New C2 framework leveraged by MuddyWater | SC Media