APT39 Malicious Activity and Tools

1.0Infoblox Bloghttps://www.infoblox.com/blogInfoblox Threat Intelhttps://www.infoblox.com/blog/author/infoblox-threat-intel/APT39 Malicious Activity and Toolsrich600338<blockquote class="wp-embedded-content" data-secret="7A5esO0CAL"><a href="https://www.infoblox.com/blog/threat-intelligence/apt39-malicious-activity-and-tools/">APT39 Malicious Activity and Tools</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.infoblox.com/blog/threat-intelligence/apt39-malicious-activity-and-tools/embed/#?secret=7A5esO0CAL" width="600" height="338" title="“APT39 Malicious Activity and Tools” — Infoblox Blog" data-secret="7A5esO0CAL" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://www.infoblox.com/blog/wp-includes/js/wp-embed.min.js /* ]]> */ </script> https://www.infoblox.com/blog/wp-content/uploads/visible-threat-featured-image.jpg613434On 17 September, the Federal Bureau of Investigation (FBI) published a new FLASH alert in coordination with the Department of Homeland Security (DHS), and the Department of the Treasury (Treasury).1 The report describes multiple types of malware that the Iranian Rana Intelligence Computing Company - also known as APT39 - has used in their global operations. In the report, the FBI included descriptions of how the various types of malware operate, as well as a set of YARA rules for each type. The FBI also published a representative set of malware samples to VirusTotal for public analysis.