New Iranian Espionage Campaign By “Siamesekitten” (Lyceum)
At the beginning of May 2021, the first attack by Siamesekitten on an IT company in Israel was detected.
Siamesekitten (also named Lyceum/Hexane) is an Iranian APT group, active in the Middle East and in
Africa, that launches supply chain attacks. To this end, Siamesekitten established a large
infrastructure that enabled them to impersonate the company and its HR personnel. We believe that
this infrastructure was built to lure IT experts and penetrate their computers to gain access to the
company’s clients.
In July 2021, a second wave of similar attacks against additional companies in Israel was detected. In
this wave, Siamesekitten upgraded their backdoor malware to a new version called “Shark”, which
replaced the old version of their malware, called “Milan”.
Indicators of Compromise (50)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | jobschippc.com | — | 2021-08-18 | |
| domain | softwareagjobs.com | — | 2021-08-18 | |
| domain | akastatus.com | — | 2021-08-18 | |
| domain | zonestatistic.com | — | 2021-08-18 | |
| domain | defenderlive.com | Registered=04/11/2021 Registrar=PDR Ltd. d/b/a PublicDomainRegistry.com | 2021-08-18 | |
| domain | defenderstatus.com | Registered=01/28/2021 Registrar=PDR Ltd. d/b/a PublicDomainRegistry.com | 2021-08-18 | |
| domain | dnsstatus.org | Registered=04/03/2021 Registrar=PDR Ltd. d/b/a PublicDomainRegistry.com | 2021-08-18 | |
| domain | wsuslink.com | Registered=04/22/2021 Registrar=PDR Ltd. d/b/a PublicDomainRegistry.com | 2021-08-18 |