Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset

Aug. 20, 2024, 3:55 p.m.

Description

Proofpoint security researchers identified an Iranian threat group known as TA453 targeting a prominent religious figure through a sophisticated social engineering campaign. The threat actors impersonated a legitimate organization and invited the target to participate in a podcast interview. Upon engaging with the malicious links, the campaign attempted to deliver a new malware toolkit called BlackSmith, which included a PowerShell trojan dubbed AnvilEcho by Proofpoint. The malware is designed for intelligence gathering and exfiltration, bundling various capabilities previously observed in separate TA453 malware modules into a single script.

Date

Published: Aug. 20, 2024, 3:17 p.m.

Created: Aug. 20, 2024, 3:17 p.m.

Modified: Aug. 20, 2024, 3:55 p.m.

Indicators

dcb072061defd12f12deb659c66f40473a76d51c911040b8109ba32bb36504e3

dc5c963f1428db051ff7aa4d43967a4087f9540a9d331dea616ca5013c6d67ce

8a47fd166059e7e3c0c1740ea8997205f9e12fc87b1ffe064d0ed4b0bf7c2ce1

d033db88065bd4f548ed13287021ac899d8c3215ebc46fdd33f46a671bba731c

5dca88f08b586a51677ff6d900234a1568f4474bbbfef258d59d73ca4532dcaf

574fc53ba2e9684938d87fc486392568f8db0b92fb15028e441ffe26c920b4c5

5aee738121093866404827e1db43c8e1a7882291afedfe90314ec90b198afb36

258d9d67e14506b70359daabebd41978c7699d6ce75533955736cdd2b8192c1a

understandingthewar.org

deepspaceocean.info

Attack Patterns

AnvilEcho

BlackSmith

TA453

T1009

T1497

T1095

T1555

T1021

T1105

T1083

T1071

T1219

T1204

T1053

T1056

T1090

T1059