← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
BladedFeline: Unmasking the Iran-Aligned Cyberespionage Group
WHITE PetrP.73 2025-06-09 Modified: 2025-07-09
21
IOCs
MEDIUM VOLUME
Dive into ESET's comprehensive analysis of BladedFeline, an Iran-aligned APT group with likely ties to OilRig. This report uncovers the group's sophisticated cyberespionage operations targeting Kurdish and Iraqi government officials. Learn about their advanced tools, including the Whisper backdoor and PrimeCache IIS module, and their persistent efforts to maintain access to high-ranking officials.
strongbladedfelinewhisperprimecacheoilriglaretpinarc serverkrg systemsteprdatvirustotalolalanullpowershelllsassfirstformatexecutionlumma stealertipsplinkpsexecdanbotsharkmilansolarmangomarknextwin64exampleunknownshellpythonpersistencedanabot
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (2 / 21 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 4cc88ce123b0da8d75c0fe66a39339f6 2025-06-09
FileHash-MD5 6cc148363200798a12091b97a17181a1 MD5 of be0ad25b7b48347984908175404996531cfd74b7 2025-06-09
References (1)
↗ https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark/