Pulse: Chinese Playful Taurus Activity in Iran
TLP: WHITE
Adversary: Playful Taurus
Author: AlienVault
Created: 2023-01-18 (modified 2023-02-17)
Indicators of compromise: 20 (medium volume)
In June 2021, ESET reported that this group had upgraded their tool kit to include a new backdoor called Turian. This backdoor remains under active development and we assess that it is used exclusively by Playful Taurus actors. Following the evolution of this capability, we recently identified new variants of this backdoor as well as new command and control infrastructure. Analysis of both the samples and connections to the malicious infrastructure suggests that several Iranian government networks have likely been compromised by Playful Taurus.
Indicators of Compromise (20)

TYPE | INDICATOR | DESCRIPTION | CREATED
domain | delldrivers.in | | 2023-01-18
domain | mfaantivirus.xyz | | 2023-01-18
domain | pfs1010.com | | 2023-01-18
domain | pfs1010.xyz | | 2023-01-18
hostname | mail.indiarailways.net | | 2023-01-18
hostname | scm.oracleapps.org | | 2023-01-18
hostname | update.adboeonline.net | | 2023-01-18
hostname | update.delldrivers.in | | 2023-01-18
hostname | www.delldrivers.in | | 2023-01-18
FileHash-SHA256 | 5bb99755924ccb6882fc0bdedb07a482313daeaaa449272dc291566cd1208ed5 | | 2023-01-18
FileHash-SHA256 | 67c911510e257b341be77bc2a88cedc99ace2af852f7825d9710016619875e80 | | 2023-01-18
FileHash-SHA256 | 6828b5ec8111e69a0174ec14a2563df151559c3e9247ef55aeaaf8c11ef88bfa | | 2023-01-18
FileHash-SHA256 | 8549c5bafbfad6c7127f9954d0e954f9550d9730ec2e06d6918c050bf3cb19c3 | | 2023-01-18
FileHash-SHA256 | ad22f4731ab228a8b63510a3ab6c1de5760182a7fe9ff98a8e9919b0cf100c58 | | 2023-01-18
FileHash-SHA1 | 1cf1985aec3dd1f7040d8e9913d9286a52243aca | | 2023-01-18
FileHash-SHA1 | 3a311e1143ae8eddc5e5c201a3c59051730c4050 | SHA1 of ad22f4731ab228a8b63510a3ab6c1de5760182a7fe9ff98a8e9919b0cf100c58 | 2023-01-18
FileHash-SHA1 | 540e50b57b648df5e91f7e09df4c2e0e0177c668 | SHA1 of 6828b5ec8111e69a0174ec14a2563df151559c3e9247ef55aeaaf8c11ef88bfa | 2023-01-18
FileHash-SHA1 | cfd9884511f2b5171c00570da837c31094e2ec72 | | 2023-01-18
FileHash-MD5 | 008a71c9a5167985ae6fedd63a50a902 | MD5 of 6828b5ec8111e69a0174ec14a2563df151559c3e9247ef55aeaaf8c11ef88bfa | 2023-01-18
FileHash-MD5 | b54cbde68c020136ebd424fc3f33e4a7 | MD5 of ad22f4731ab228a8b63510a3ab6c1de5760182a7fe9ff98a8e9919b0cf100c58 | 2023-01-18
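The following is an added example of how a defender would sweep DNS logs and a file-hash inventory for the indicators in this pulse. It is not code from the OTX pulse or from Unit 42; the IOC values are copied from the table above, while the log lines, their field layout, and the host names and paths in them are constructed here so the script runs offline. Domain-type IOCs are matched on a label boundary so that any subdomain hits but a look-alike such as notdelldrivers.in does not; hostname-type IOCs must match exactly; hashes are matched case-insensitively with the algorithm inferred from digest length.

```python
"""Sweep DNS query logs and a file-hash inventory for the pulse's IOCs.

Added example, not part of the OTX pulse. IOC values are from the pulse;
the log lines and inventory below are constructed for the demo.
"""
import re

# Domain-type IOCs: match the name itself and any subdomain of it.
DOMAINS = {"mfaantivirus.xyz", "pfs1010.com", "pfs1010.xyz", "delldrivers.in"}
# Hostname-type IOCs: exact match only.
HOSTNAMES = {
    "mail.indiarailways.net",
    "scm.oracleapps.org",
    "update.adboeonline.net",
    "update.delldrivers.in",
    "www.delldrivers.in",
}
# File hashes from the pulse (MD5, SHA1 and SHA256 together; length tells them apart).
HASHES = {
    "008a71c9a5167985ae6fedd63a50a902",
    "b54cbde68c020136ebd424fc3f33e4a7",
    "1cf1985aec3dd1f7040d8e9913d9286a52243aca",
    "3a311e1143ae8eddc5e5c201a3c59051730c4050",
    "540e50b57b648df5e91f7e09df4c2e0e0177c668",
    "cfd9884511f2b5171c00570da837c31094e2ec72",
    "5bb99755924ccb6882fc0bdedb07a482313daeaaa449272dc291566cd1208ed5",
    "67c911510e257b341be77bc2a88cedc99ace2af852f7825d9710016619875e80",
    "6828b5ec8111e69a0174ec14a2563df151559c3e9247ef55aeaaf8c11ef88bfa",
    "8549c5bafbfad6c7127f9954d0e954f9550d9730ec2e06d6918c050bf3cb19c3",
    "ad22f4731ab228a8b63510a3ab6c1de5760182a7fe9ff98a8e9919b0cf100c58",
}
HASH_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_name(name: str) -> str:
    """Lower-case and drop the trailing dot that DNS logs often append."""
    return name.strip().lower().rstrip(".")


def match_name(name: str):
    """Return the IOC a queried name matches, or None.

    Hostname IOCs and domain IOCs match exactly; a domain IOC also matches
    any subdomain, but only on a label boundary ("." + domain), so
    'notdelldrivers.in' does not match 'delldrivers.in'.
    """
    n = normalize_name(name)
    if n in HOSTNAMES or n in DOMAINS:
        return n
    for d in DOMAINS:
        if n.endswith("." + d):
            return d
    return None


def match_hash(value: str):
    """Return (algorithm, hash) if value is a listed hash, else None."""
    h = value.strip().lower()
    if len(h) not in HASH_LEN or not re.fullmatch(r"[0-9a-f]+", h):
        return None
    return (HASH_LEN[len(h)], h) if h in HASHES else None


# Constructed DNS log, one query per line: "<timestamp> <client> <qname> <qtype>".
DNS_LOG = """\
2023-01-19T08:01:02Z 10.0.4.17 update.delldrivers.in. A
2023-01-19T08:01:05Z 10.0.4.17 cdn.pfs1010.xyz. A
2023-01-19T08:02:11Z 10.0.4.22 notdelldrivers.in. A
2023-01-19T08:03:40Z 10.0.4.9 MAIL.INDIARAILWAYS.NET. A
2023-01-19T08:04:00Z 10.0.4.9 www.example.com. A
"""

# Constructed file-hash inventory: "<path> <digest>" (paths contain no spaces here).
HASH_INVENTORY = """\
C:\\Windows\\Temp\\svchost.dat AD22F4731AB228A8B63510A3AB6C1DE5760182A7FE9FF98A8E9919B0CF100C58
C:\\Users\\Public\\lib.dll b54cbde68c020136ebd424fc3f33e4a7
C:\\Windows\\System32\\kernel32.dll 0000000000000000000000000000000000000000
"""


def scan_dns_log(text: str):
    """Return one dict per log line whose queried name matches an IOC."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the sweep
        ts, client, qname = parts[0], parts[1], parts[2]
        ioc = match_name(qname)
        if ioc:
            hits.append({"ts": ts, "client": client,
                         "qname": normalize_name(qname), "ioc": ioc})
    return hits


def scan_hash_inventory(text: str):
    """Return one dict per inventory line whose digest is a listed hash."""
    hits = []
    for line in text.splitlines():
        path, _, digest = line.rpartition(" ")
        m = match_hash(digest)
        if m:
            hits.append({"path": path, "algo": m[0], "hash": m[1]})
    return hits


if __name__ == "__main__":
    for h in scan_dns_log(DNS_LOG):
        print(f"DNS  {h['ts']} {h['client']} {h['qname']} -> {h['ioc']}")
    for h in scan_hash_inventory(HASH_INVENTORY):
        print(f"FILE {h['path']} {h['algo']}={h['hash']}")
```

On the constructed input, three of the five DNS lines fire (the exact hostname, a subdomain of pfs1010.xyz, and an upper-cased query with a trailing dot) while the look-alike notdelldrivers.in does not, and two of the three inventory entries match. Feed real resolver logs and an endpoint hash inventory in place of the embedded strings, adjusting only the field positions in the two scan functions.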