Untangling Iran's APT42 Operations
May 3, 2024, 10:49 a.m.
Description
APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists.
Date
Published: May 3, 2024, 9:36 a.m.
Created: May 3, 2024, 9:36 a.m.
Modified: May 3, 2024, 10:49 a.m.
Indicators
M_APT_Downloader_TAMECAT_NICECURL_VBScript_1
M_APT_Backdoor_TAMECAT
M_APT_Backdoor_TAMECAT_2
M_APT_Backdoor_NICECURL_datamine_module_1
M_APT_Backdoor_NICECURL_1
Attack Patterns
TAMECAT
NICECURL
APT42
T1598
T1027
T1566
T1190
T1003
T1059
Additional Information
NGO
Government
Israel