IOCs
More samples with host URL and new Telegram Bots, details below:
Hosting
Note: None of the people named here is being accused of anything. This is a collection of correlated info.
The samples shared by drweb contain a URL that is registered to the details below. Connected info found online is also listed:
- Name: arash raso******h, آرش رسول زاده
- E-mails: moh*******1396@gmail.com, arashrasoulzadeh@gmail.com
- Hosts registered or connected:
  - dlappdev.ir
  - telememberapp.ir
  - http://varnacorp.com/
- GitHub:
  - https://github.com/arashr*******deh?utf8=%E2%9C%93&tab=repositories&q=&type=fork&language=
  - Telegram related forks

- Update - July 19, 2017
More info gathered by Iranian citizens here:
http://telescam.ir/home/2017/06/30/%D8%B1%D8%A7%D8%AA%D8%B1%D8%AA-%D8%A7%D9%86%D8%AF%D8%B1%D9%88%DB%8C%D8%AF-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86%DB%8C-%D8%A8%D8%A7-%D8%B9%D9%86%D9%88%D8%A7%D9%86-%D8%A7%DB%8C%D9%86%D8%B3%D8%AA%D8%A7-%D9%85/
Developing ..
P.S. None of the people named here is being accused of anything. This is a collection of correlated info.