Iranian intel cyber suite of malware uses open source tools
Tags
country: Iran
attack-pattern: Data Dll Side-Loading - T1574.002 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Regsvr32 - T1218.010 Software - T1592.002 Dll Side-Loading - T1073 Powershell - T1086 Regsvr32 - T1117
Show in Graph
Common Information
Type Value
UUID c6c984ab-7ee4-4a12-a16f-1a0029420414
Fingerprint 95653db3c373234b
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 12, 2022, midnight
Added to db Sept. 11, 2022, 12:43 p.m.
Last updated Nov. 16, 2024, 12:27 a.m.
Headline Iranian intel cyber suite of malware uses open source tools
Title Iranian intel cyber suite of malware uses open source tools
Detected Hints/Tags/Attributes 43/2/9
Source URLs
Redirection Url
Details Source https://www.cybercom.mil/Media/News/Article/2897570/iranian-intel-cyber-suite-of-malware-uses-open-source-tools/
URL Provider
Details Provider Source level domain
Details cybercom.mil www.cybercom.mil
Attributes
Details Type #Events CTI Value
Details Domain 268 
www.virustotal.com
Details File 28 
goopdate.dll
Details File 105 
googleupdate.exe
Details File 3 
goopdate.dat
Details File 35 
config.txt
Details File 3 
libpcre2-8-0.dll
Details File 69 
vcruntime140.dll
Details File 7 
regsvr32.dll
Details Windows Registry Key 1 
HKLM\SOFTWARE\NFC