### APT34

APT34 / OILRIG LEAK, QUICK ANALYSIS

https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html

https://malware-research.org/apt34-hacking-tools-leak/

Telegram group of the leaker:

https://web.telegram.org/#/im?p=@lab_dookhtegan

Hacking tools:

- Glimpse (newer version of a PowerShell-based trojan that Palo Alto Networks names BondUpdater)
- PoisonFrog (older version of BondUpdater)
- HyperShell (web shell that Palo Alto Networks calls TwoFace)
- HighShell (another web shell)
- Fox Panel (phishing kit)
- Webmask (DNS tunneling, main tool behind DNSpionage)

Iranian intelligence servers: