Untangling Iran's APT42 Operations

May 3, 2024, 10:49 a.m.

Description

APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists.

Date

Published: May 3, 2024, 9:36 a.m.
Created: May 3, 2024, 9:36 a.m.
Modified: May 3, 2024, 10:49 a.m.

Indicators

M_APT_Downloader_TAMECAT_NICECURL_VBScript_1

M_APT_Backdoor_TAMECAT

M_APT_Backdoor_TAMECAT_2

M_APT_Backdoor_NICECURL_datamine_module_1

M_APT_Backdoor_NICECURL_1


Attack Patterns

TAMECAT

NICECURL

APT42

T1598

T1027

T1566

T1190

T1003

T1059

Additional Information

NGO

Government

Israel