PULSE NAME
Chinese Playful Taurus Activity in Iran
WHITE Playful Taurus AlienVault 2023-01-18 Modified: 2023-02-17
20 IOCs
MEDIUM VOLUME
In June 2021, ESET reported that this group had upgraded their tool kit to include a new backdoor called Turian. This backdoor remains under active development and we assess that it is used exclusively by Playful Taurus actors. Following the evolution of this capability, we recently identified new variants of this backdoor as well as new command and control infrastructure. Analysis of both the samples and connections to the malicious infrastructure suggests that several Iranian government networks have likely been compromised by Playful Taurus.
Indicators of Compromise (4 / 20 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA1 1cf1985aec3dd1f7040d8e9913d9286a52243aca 2023-01-18
FileHash-SHA1 3a311e1143ae8eddc5e5c201a3c59051730c4050 SHA1 of ad22f4731ab228a8b63510a3ab6c1de5760182a7fe9ff98a8e9919b0cf100c58 2023-01-18
FileHash-SHA1 540e50b57b648df5e91f7e09df4c2e0e0177c668 SHA1 of 6828b5ec8111e69a0174ec14a2563df151559c3e9247ef55aeaaf8c11ef88bfa 2023-01-18
FileHash-SHA1 cfd9884511f2b5171c00570da837c31094e2ec72 2023-01-18