Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset
Aug. 20, 2024, 3:55 p.m.
Tags
External References
Description
Proofpoint security researchers identified an Iranian threat group known as TA453 targeting a prominent religious figure through a sophisticated social engineering campaign. The threat actors impersonated a legitimate organization and invited the target to participate in a podcast interview. Upon engaging with the malicious links, the campaign attempted to deliver a new malware toolkit called BlackSmith, which included a PowerShell trojan dubbed AnvilEcho by Proofpoint. The malware is designed for intelligence gathering and exfiltration, bundling various capabilities previously observed in separate TA453 malware modules into a single script.
Date
Published: Aug. 20, 2024, 3:17 p.m.
Created: Aug. 20, 2024, 3:17 p.m.
Modified: Aug. 20, 2024, 3:55 p.m.
Indicators
dcb072061defd12f12deb659c66f40473a76d51c911040b8109ba32bb36504e3
dc5c963f1428db051ff7aa4d43967a4087f9540a9d331dea616ca5013c6d67ce
8a47fd166059e7e3c0c1740ea8997205f9e12fc87b1ffe064d0ed4b0bf7c2ce1
d033db88065bd4f548ed13287021ac899d8c3215ebc46fdd33f46a671bba731c
5dca88f08b586a51677ff6d900234a1568f4474bbbfef258d59d73ca4532dcaf
574fc53ba2e9684938d87fc486392568f8db0b92fb15028e441ffe26c920b4c5
5aee738121093866404827e1db43c8e1a7882291afedfe90314ec90b198afb36
258d9d67e14506b70359daabebd41978c7699d6ce75533955736cdd2b8192c1a
understandingthewar.org
deepspaceocean.info
Attack Patterns
AnvilEcho
BlackSmith
TA453
T1009
T1497
T1095
T1555
T1021
T1105
T1083
T1071
T1219
T1204
T1053
T1056
T1090
T1059