New Case Study: Credit Union Boosts Secops With Continuous Testing
Learn More
New Research: Broken Attestation in Windows Admin Center
Learn More
Whitepaper: An Inside Look at the Technology Behind Cymulate
Learn More
New Integration Partnership with WIZ!
Learn More
Book a Demo
Book a Demo

Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity

March 3, 2022

GRAMDOOR is a backdoor written in Python that uses the Telegram Bot API to communicate over HTTP with the Telegram server. Supported commands include command execution via cmd.exe. STARWHALE is a Windows Script File (WSF) backdoor that communicates via HTTP. Supported commands include shell command execution and system information collection. STARWHALE.GO is a backdoor written in GO programming language that communicates via HTTP. The backdoor can execute shell commands and collect system information, such as local IP address, computer name, and username. CRACKMAPEXEC is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.

Featured Resources

View More Resources
image
blog

Evolving Vulnerability Management to Continuous Threat Exposure Management 

Shift from reactive vulnerability management to continuous, threat-validated exposure management for real risk resilience.

Read More
cymulate press release
CUSTOMERS

Credit Union Adopts Proactive Security to Validate Exposure and Threats While Optimizing SecOps with Live-Data Exercises

Learn how a credit union automated live-data exercises to validate exposure, improve threat readiness, and streamline SecOps.

Read Case Study
image
blog

Uncovered: Improper Attestation Signature Validation in Windows Admin Center

A flaw in WAC’s attestation flow let attackers impersonate services, steal credentials, and gain admin control of Azure VMs.

Read More