← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Iranian cyber espionage against HBO, human rights activists, academic researchers and media outlets
WHITE Charming Kitten AlienVault 2017-12-05 Modified: 2017-12-05
526
IOCs
HIGH VOLUME
Charming Kitten is an Iranian cyberespionage group operating since approximately 2014. This report exposes their vast espionage apparatus, active during 2016-2017. We present incidents of company impersonation, made up organizations and individuals, spear phishing and watering hole attacks. We analyze their exploitation, delivery, and command-and-control infrastructure, and expose DownPaper, a malware developed by the attackers, which has not been publicly documented to date.
rocket kittenTurk Black Hatirgciran
Indicators of Compromise (45 / 526 total)
All email domain FileHash-SHA256 URL hostname FileHash-MD5 FileHash-SHA1
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 00b5d45433391146ce98cd70a91bef08 2017-12-05
FileHash-MD5 07fb3f925f8ef2c53451b37bdd070b55 2017-12-05
FileHash-MD5 0a3f454f94ef0f723ac6a4ad3f5bdf01 2017-12-05
FileHash-MD5 0e3cb289f65ef5faf40fa830ac9b1bf6 2017-12-05
FileHash-MD5 1c00fd5e1ddd0226bd854775180fd361 2017-12-05
FileHash-MD5 1db12ec1f335ee5995b29dea360514a2 2017-12-05
FileHash-MD5 20f2da7b0c482ab6a78e9bd65a1a3a92 2017-12-05
FileHash-MD5 253b4f5c6611a4bc9c7f5269b127c8e9 2017-12-05
FileHash-MD5 276befa70cff36860cd97e3e19f10343 2017-12-05
FileHash-MD5 30124b5c56cecf2045abd24011bdf06b 2017-12-05
FileHash-MD5 3261d45051542ab3e54fa541f132f899 2017-12-05
FileHash-MD5 356439bfb9b2f49858897a22dd85df86 2017-12-05
FileHash-MD5 365482f10808ddd1d26f3dc19c41c993 2017-12-05
FileHash-MD5 3bb2f304a59255dddc5ef6bb0a32aec7 2017-12-05
FileHash-MD5 3c01793380fbd3f101603af68e96f058 2017-12-05
FileHash-MD5 3edec580845d7ab85fa893afb391fbfb 2017-12-05
FileHash-MD5 5e9a458dcdfc9d2ce996081ec87c30e0 2017-12-05
FileHash-MD5 5ec9f484603b89f80f351bb88279ebb1 2017-12-05
FileHash-MD5 60753796905458fa6a4407f48309aa25 2017-12-05
FileHash-MD5 6bd505616e12e3dd7f2287f24f34609f 2017-12-05
FileHash-MD5 6cfa579dd1d33c2fa42d85c2472f744c 2017-12-05
FileHash-MD5 7df3a83dfcce130c01aabede3cfe8140 2017-12-05
FileHash-MD5 7e1cf48d84e503499c9718c50e7a1c52 2017-12-05
FileHash-MD5 9c7ae44baf8df000bb614738370d1171 2017-12-05
FileHash-MD5 9d0e761f3803889dc83c180901dc7b22 2017-12-05
FileHash-MD5 a43b7cc495741248f3647e647f776467 2017-12-05
FileHash-MD5 a9117da1cb51adbc88a52a6e3b16a6c4 2017-12-05
FileHash-MD5 ae797446710e375f0fc9a33432d64256 2017-12-05
FileHash-MD5 af5c01a7a3858bc3712ab69bc673cec4 2017-12-05
FileHash-MD5 bd0a6fe7a852fdd61c1da37cf99103d2 2017-12-05
FileHash-MD5 be207941ce8a5e212be8dde83d05d38d 2017-12-05
FileHash-MD5 bfd21f2847c1d7aa0f409ef52ed52e05 2017-12-05
FileHash-MD5 c7760dc8f7baf67f80ab549af27df9e9 2017-12-05
FileHash-MD5 c96453247ee1ecbd4053da8bbb4cf572 2017-12-05
FileHash-MD5 ccaf21e122ca9d2e2397a9e28eb4cc87 2017-12-05
FileHash-MD5 d6ea39e1d4aaa8c977a835e72d0975e3 2017-12-05
FileHash-MD5 d6fa439f0278babb1edff32d8dc31c59 2017-12-05
FileHash-MD5 da1f6a5f2a5564c2131b4a311c55f487 2017-12-05
FileHash-MD5 e7dd9b8fe7ae14faad304d139f71b629 2017-12-05
FileHash-MD5 e93992f26f224ea53d9bdd9564e8e1c0 2017-12-05
FileHash-MD5 edd4011696ddd349575278aed7031a47 2017-12-05
FileHash-MD5 f5763b8b796b1c5d04febcc65f853967 2017-12-05
FileHash-MD5 f7f9806af42adb80d100e55f35cfa86c 2017-12-05
FileHash-MD5 f9255e0d492eb20df1e78ccc970b121a 2017-12-05
FileHash-MD5 fac158623b0e3ed3bea6e24b1795cb95 2017-12-05
References (1)
↗ http://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf