APT34

APT34 / OILRIG LEAK, QUICK ANALYSIS

https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html

https://malware-research.org/apt34-hacking-tools-leak/

The leaker's Telegram channel: https://web.telegram.org/#/im?p=@lab_dookhtegan

Hacking tools in the leak (names used by the leaker, with the vendor names for the same malware in parentheses):

  • Glimpse (newer version of a PowerShell-based trojan that Palo Alto Networks names BondUpdater)
  • PoisonFrog (older version of BondUpdater)
  • HyperShell (web shell that Palo Alto Networks calls TwoFace)
  • HighShell (another web shell)
  • Fox Panel (phishing kit)
  • Webmask (DNS tunneling, main tool behind DNSpionage)

Server IPs attributed in the leak to Iranian intelligence:

  • 185.56.91.61
  • 46.165.246.196
  • 185.236.76.80
  • 185.236.77.17
  • 185.181.8.252
  • 185.191.228.103
  • 70.36.107.34
  • 109.236.85.129
  • 185.15.247.140
  • 185.181.8.158
  • 178.32.127.230
  • 146.112.61.108
  • 23.106.215.76
  • 185.20.187.8
  • 95.168.176.172
  • 173.234.153.194
  • 173.234.153.201
  • 172.241.140.238
  • 23.19.226.69
  • 185.161.211.86
  • 185.174.100.56
  • 194.9.177.15
  • 185.140.249.63
  • 81.17.56.249
  • 213.227.140.32
  • 46.105.251.42
  • 185.140.249.157
  • 198.143.182.22
  • 213.202.217.9
  • 158.69.57.62
  • 168.187.92.92
  • 38.132.124.153
  • 176.9.164.215
  • 88.99.246.174
  • 190.2.142.59
  • 103.102.44.181
  • 217.182.217.122
  • 46.4.69.52
  • 185.227.108.35
  • 172.81.134.226
  • 103.102.45.14
  • 95.168.176.173
  • 142.234.200.99
  • 194.9.179.23
  • 194.9.178.10
  • 185.174.102.14
  • 185.236.76.35
  • 185.236.77.75
  • 185.161.209.157
  • 185.236.76.59
  • 185.236.78.217
  • 23.227.201.6
  • 185.236.78.63