Pulse Detail — Threat Intelligence

PULSE NAME

Educated Manticore - Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools - Check Point Research

WHITE Nemesis Kitten CyberHunter_NL 2023-04-26 Modified: 2023-04-26

IOCs

MEDIUM VOLUME

Check Point Research’s latest report on Educated Manticore, an Iranian-aligned threat actor targeting Israel, reveals a new and improved infection chain, including an updated version of Implant PowerLess.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1547 T1127 T1562 T1059 T1056 T1204

MALWARE FAMILIES

AgentFinal.exe PowerLess

Indicators of Compromise (24)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	1d1fb0bb21b94fc0b017a4dada231e17	—	2023-04-26
FileHash-MD5	34624051816246d4a1a7f225d966d139	—	2023-04-26
FileHash-MD5	bb14611f7aae441fb78f2ca919b800b5	—	2023-04-26
FileHash-MD5	f954163017df10d2499089027011c530	MD5 of 4fcde8ec5983cf1465ff7dbcd7d90fcd47d666b0b8352db1dcd311084ed1b3e8	2023-04-26
FileHash-SHA1	fce195476bacaf088239a68023cda88a3208e63a	SHA1 of 4fcde8ec5983cf1465ff7dbcd7d90fcd47d666b0b8352db1dcd311084ed1b3e8	2023-04-26
FileHash-SHA256	13bab4e32cd6365dba40424d20525cb84b4c6d71d3c5088fe94a6cfe07573e8e	—	2023-04-26
FileHash-SHA256	1672a14a3e54a127493a2b8257599c5582204846a78521b139b074155003cba4	—	2023-04-26
FileHash-SHA256	3e1ed006e120a1afaa49f93b4156a992f8d799b1888ca6202c1098862323c308	—	2023-04-26
FileHash-SHA256	4fcde8ec5983cf1465ff7dbcd7d90fcd47d666b0b8352db1dcd311084ed1b3e8	—	2023-04-26
FileHash-SHA256	62d0b8b5d4281ce107c43d36f222680b0cc85844b8973b645095ccdfb128454d	—	2023-04-26
FileHash-SHA256	737cb075ba0b5ed6d8901dcd798eecff0bc8585091bc232c54f92df7f9e9e817	—	2023-04-26
FileHash-SHA256	bc8f075c1b3fa54f1d9f4ac622258f3e8a484714521d89aa170246ce04701441	—	2023-04-26
FileHash-SHA256	bdb2a12f2f84c3742240b8b9e1d6638a73c6b8752aff476051fe33a0bb408010	—	2023-04-26
FileHash-SHA256	c0de9b90a0ac591147d62864264bf00b6ec17c55f7095fdf58923085fe502400	—	2023-04-26
FileHash-SHA256	e5016dfeae584de20a90f1bef073c862028f410d5b0ae4c074a696b8f8528037	—	2023-04-26
FileHash-SHA256	e5ba06943abb666f69f757fcd591dd1cceb66cad698fb894d9bc8911282198c4	—	2023-04-26
URL	https://deersharpfork.info/dw85fgxtvzq/download/f/bb14611f7aae441fb78f2ca919b800b5/7e58169ee59d46e7a2be023e728c6205'	—	2023-04-26
URL	https://deersharpfork.info/dw85fgxtvzq/download/i/34624051816246d4a1a7f225d966d139/7e58169ee59d46e7a2be023e728c6205.jpg'	—	2023-04-26
URL	https://subinfralab.info/hgAdDiLmnB	—	2023-04-26
URL	https://subinfralab.info/qaMspFbEmg	4fcde8ec5983cf1465ff7dbcd7d90fcd47d666b0b8352db1dcd311084ed1b3e8	2023-04-26
domain	cfunc.save	—	2023-04-26
domain	deersharpfork.info	—	2023-04-26
domain	subinfralab.info	—	2023-04-26
hostname	blackturtle.hopto.org	—	2023-04-26

References (1)

↗ https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools/