🌟 A gentle invitation: Explore transformation through the Dance Entropy celebration. Watch the lyric video here or visit 🦉Φwlchemy🐦‍⬛ to learn more.
Thank you for your understanding and support.

    Dust Particle

    Iranian APT Prince of Persia returns with new malware and C2 infrastructure

    0
    By on Cybersecurity

    A shift to Telegram

    More recently, the researchers identified a new Tonnerre variant that’s advertised as v50, as well as an unknown new Foudre version that goes along with it. These versions use a new C2 server structure and, most importantly, can download a file from the server that enables Telegram communication via its API.

    The Telegram feature is enabled only for a select number of victims, but the researchers managed to use the API to query the configured Telegram channel. It had two members, one of which was a channel bot and one user named Ehsan written in Farsi, who could be one of the hackers in charge of controlling the malware and who was last active as of Dec. 13.

    “Ehsan is a common Persian name typical for an Iranian,” the researchers said. “This attribution is pretty strong in combination with the IP location of the attacker’s testing machine. We tracked the IP addresses used over several years, all of which indicated Iran as the location. While different IP location databases provided different cities, all of them were in Iran.”

    Share.

    Related Posts

    Add A Comment

    Leave A Reply

    Disclaimer: This website, PromptLocl, uses AI to generate content based on regenerated RSS feeds for informational and traffic purposes. This humble experiment supports 🦉Φwlchemy🐦‍⬛ . Please verify all content independently for accuracy.
    Thank you for your understanding and support.

    Click to listen highlighted text!