← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Persian Stalker pillages Iranian users of Instagram and Telegram
State-sponsored actors have a number of different techniques at their disposal to remotely gain access to social media and secure messaging applications. Starting in 2017 and continuing through 2018, Cisco Talos has seen different techniques being used to attack users and steal their private information. These techniques used fake login pages, malicious apps disguised as their legitimate counterparts and BGP hijacking, and were specifically targeting Iranian users of the secure messaging app Telegram and the social media site Instagram.
Indicators of Compromise (60)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| URL | https://v1.flbgr.com/users/start.php?api=19&user=%DA%A9%D8%A7%D8%B1%D8%A8%D8%B1&apk=61&tut=15369351307 | — | 2018-11-05 | |
| URL | http://lh9.talagram.ir/v3/proxy?slt=1451531005724&appId=3 | — | 2018-11-05 | |
| domain | 30dn.ir | — | 2018-11-05 | |
| domain | andromedaa.com | — | 2018-11-05 | |
| domain | andromedaa.ir | — | 2018-11-05 | |
| domain | andromedaa.net | — | 2018-11-05 | |
| domain | bazdiddarbazdid.com | — | 2018-11-05 | |
| domain | broadcastnews.pro | — | 2018-11-05 | |
| domain | buycomment.ir | — | 2018-11-05 | |
| domain | buyfollower.ir | — | 2018-11-05 | |
| domain | buylike.in | — | 2018-11-05 | |
| domain | buylike.ir | — | 2018-11-05 | |
| domain | cbgr.ir | — | 2018-11-05 | |
| domain | com-messengersaccount.name | — | 2018-11-05 | |
| domain | commentbegir.com | — | 2018-11-05 | |
| domain | commentbegir.ir | — | 2018-11-05 | |
| domain | confirm-identification.name | — | 2018-11-05 | |
| domain | confirm-verification-process.systems | — | 2018-11-05 | |
| domain | download-drive-share.ga | — | 2018-11-05 | |
| domain | fbgr.ir | — | 2018-11-05 | |
| domain | file-share.ga | — | 2018-11-05 | |
| domain | flbgr.com | — | 2018-11-05 | |
| domain | followbegir.ir | — | 2018-11-05 | |
| domain | followerbeg.ir | — | 2018-11-05 | |
| domain | followerbegir.ir | — | 2018-11-05 | |
| domain | followgir.ir | — | 2018-11-05 | |
| domain | hangouts-talk.ga | — | 2018-11-05 | |
| domain | harsobh.com | — | 2018-11-05 | |
| domain | homayoon.info | — | 2018-11-05 | |
| domain | hotgram.ir | — | 2018-11-05 | |
| domain | im9.ir | — | 2018-11-05 | |
| domain | invitation-to-messenger.space | — | 2018-11-05 | |
| domain | lbgr.ir | — | 2018-11-05 | |
| domain | lik3.org | — | 2018-11-05 | |
| domain | likebeg.ir | — | 2018-11-05 | |
| domain | likebegir.com | — | 2018-11-05 | |
| domain | lkbgr.com | — | 2018-11-05 | |
| domain | mail-login-profile.com | — | 2018-11-05 | |
| domain | mail-profile.com | — | 2018-11-05 | |
| domain | mobile-messengerplus.network | — | 2018-11-05 | |
| domain | mobilecontinue.network | — | 2018-11-05 | |
| domain | ndrm.ir | — | 2018-11-05 | |
| domain | obgr.ir | — | 2018-11-05 | |
| domain | oogle.ga | — | 2018-11-05 | |
| domain | ozvbegir.com | — | 2018-11-05 | |
| domain | ozvbegir.ir | — | 2018-11-05 | |
| domain | ozvdarozv.com | — | 2018-11-05 | |
| domain | ozvdarozv.ir | — | 2018-11-05 | |
| domain | sessions-identifier-memberemailid.network | — | 2018-11-05 | |
| domain | stratup-monitor.com | — | 2018-11-05 | |
| domain | talagram.ir | — | 2018-11-05 | |
| domain | viewmember.ir | — | 2018-11-05 | |
| domain | watch-youtube.live | — | 2018-11-05 | |
| domain | xn--oogle-v1a.ga | — | 2018-11-05 | |
| domain | youpo.st | — | 2018-11-05 | |
| domain | youridentityactivity.world | — | 2018-11-05 | |
| FileHash-SHA256 | 24a545778b72132713bd7e0302a650ca9cc69262aa5b9e926633a0e1fc555e98 | — | 2018-11-05 | |
| FileHash-SHA256 | 8ecf5161af04d2bf14020500997afa4473f6a137e8f45a99e323fb2157f1c984 | — | 2018-11-05 | |
| FileHash-SHA256 | a2cf315d4d6c6794b680cb0e61afc5d0afb2c8f6b428ba8be560ab91e2e22c0d | — | 2018-11-05 | |
| FileHash-SHA256 | a7609b6316b325cc8f98b186d46366e6eefaae101ee6ff660ecc6b9e90146a86 | — | 2018-11-05 |