| Category | Einzelheiten |
|---|---|
| Threat Actors | Iranian Threat actor TA453 (Charming Kitten), likely supporting Iranian government interests, specifically the IRGC Intelligence Organization (IRGC-IO). |
| Campaign Overview | Fake podcast invitation sent to a religious figure, leading to the delivery of BlackSmith malware, specifically the AnvilEcho PowerShell Trojan. Targeted intelligence gathering. |
| Target Regions (Victims) | High-profile targets, including a prominent Jewish figure and likely other political and diplomatic entities. |
| Methodology | Social engineering through multi-email phishing and fake podcast invitations. Use of ZIP archives, LNK files, and obfuscated PowerShell scripts to deliver malware. |
| Product Targeted | Intelligence gathering and exfiltration using PowerShell malware, mainly targeting political and diplomatic figures. |
| Malware Reference | BlackSmith malware toolkit (AnvilEcho PowerShell Trojan). Previous tools include GorjolEcho, PowerStar, and MischiefTut. |
| Tools Used | LNK files, PowerShell, ZIP archives, steganography (used in Beautifull.jpg), various DLL files (soshi.dll, toni.dll), C++ toolset for BlackSmith, and various network C2 servers. |
| Vulnerabilities Exploited | Malware uses multiple evasion techniques, such as bypassing SSL certificate validation, disabling antivirus detection, and obfuscating execution paths. |
| TTPs | Phishing with fake invitations, PowerShell scripting for remote access, use of encrypted C2 channels, and exfiltration via FTP/Dropbox. |
| Attribution | TA453 is assessed to operate in support of the IRGC-IO, with links to other Iranian-aligned threat groups (e.g., APT42). |
| Recommendations | Enhanced phishing detection, network monitoring for unusual traffic, and blocking known C2 domains. |
| Quelle | Proofpoint analysis of the malware and campaign, with references to various external sources confirming TA453’s activities. |
Beste Vorsätze: TA453 zielt auf religiöse Figur mit gefälschter Podcast-Einladung und liefert neues BlackSmith Malware-Toolset
Teilen:
London, GB
1:47 am,
Jan. 18, 2025
3°C
L: 2° |
H: 4°
Fühlt sich an wie 1°C°
overcast clouds
Tägliche VorhersageStündliche Vorhersage
Today
9:00 pm
2° | 4°°C
0 mm
0%
4 mph
92 %
1032 mb
0 mm/h
Tomorrow
9:00 pm
1° | 5°°C
0 mm
0%
7 mph
91 %
1023 mb
0 mm/h
Mo. Jan. 20
9:00 pm
2° | 6°°C
0 mm
0%
4 mph
97 %
1020 mb
0 mm/h
Di. Jan. 21
9:00 pm
4° | 7°°C
0 mm
0%
5 mph
97 %
1019 mb
0 mm/h
Mi. Jan. 22
9:00 pm
4° | 8°°C
0.2 mm
20%
9 mph
97 %
1013 mb
0 mm/h
Today
3:00 am
2° | 3°°C
0 mm
0%
2 mph
87 %
1032 mb
0 mm/h
Today
6:00 am
1° | 3°°C
0 mm
0%
1 mph
90 %
1032 mb
0 mm/h
Today
9:00 am
2° | 2°°C
0 mm
0%
2 mph
90 %
1031 mb
0 mm/h
Today
12:00 pm
5° | 5°°C
0 mm
0%
3 mph
71 %
1030 mb
0 mm/h
Today
3:00 pm
6° | 6°°C
0 mm
0%
3 mph
65 %
1027 mb
0 mm/h
Today
6:00 pm
4° | 4°°C
0 mm
0%
4 mph
86 %
1026 mb
0 mm/h
Today
9:00 pm
3° | 3°°C
0 mm
0%
4 mph
92 %
1025 mb
0 mm/h
Tomorrow
12:00 am
2° | 2°°C
0 mm
0%
3 mph
85 %
1023 mb
0 mm/h
| Name | Preis | 24H (%) |
|---|---|---|
 Bitcoin(BTC) | €101,617.56 | 3.26% |
 Ethereum(ETH) | €3,370.45 | 2.64% |
 XRP(XRP) | €3.15 | -1.57% |
 Fesseln(USDT) | €0.97 | 0.06% |
 Solana(SOL) | €212.56 | 1.94% |
 Dogecoin(DOGE) | €0.416143 | 11.22% |
 USDC(USDC) | €0.97 | 0.01% |
 Shiba Inu(SHIB) | €0.000023 | 8.81% |
 Pepe(PEPE) | €0.000019 | 10.50% |
 Peanut das Eichhörnchen(PNUT) | €0.65 | 9.57% |
