Iran’s APT34 Returns with an Updated Arsenal - Check Point Research
Tags
country: Iran Lebanon
attack-pattern: Data Credentials - T1589.001 Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Scheduled Task - T1053
Show in Graph
Common Information
Type Value
UUID 4b26c486-8487-4085-8919-7e398c4fe471
Fingerprint a5059b112dbfcfc3
Analysis status DONE
Considered CTI value 2
Text language
Published April 8, 2021, 10:27 a.m.
Added to db Oct. 1, 2024, 1:07 p.m.
Last updated Nov. 13, 2024, 7:21 p.m.
Headline Iran’s APT34 Returns with an Updated Arsenal
Title Iran’s APT34 Returns with an Updated Arsenal - Check Point Research
Detected Hints/Tags/Attributes 65/2/14
Source URLs
Redirection Url
Details Source https://research.checkpoint.com/2021/irans-apt34-returns-with-an-updated-arsenal/
URL Provider
Details Provider Source level domain
Details checkpoint.com research.checkpoint.com
Attributes
Details Type #Events CTI Value
Details Domain 9 
requestbin.net
Details Domain 1 
requesbin.net
Details Domain 3 
sarmsoftware.com
Details Domain 2 
mail.army.gov.lb
Details File 2 
job-details.doc
Details File 5 
update.xml
Details md5 2 
6615c410b8d7411ed14946635947325e
Details md5 2 
ab25014c3d6f77ec5880c8f9728be968
Details md5 1 
94004648630739c154f78a0bae0bec0a
Details sha1 1 
9bba72ac66af84253b55dd7789afc90e0344bf25
Details sha1 1 
273488416b5d6f1297501825fa07a5a9325e9b56
Details sha256 1 
13c27e5049a7fc5a36416f2c1ae49c12438d45ce50a82a96d3f792bfdacf3dcd
Details sha256 1 
47d3e6c389cfdbc9cf7eb61f3051c9f4e50e30cf2d97499144e023ae87d68d5a
Details Threat Actor Identifier - APT 258 
APT34