
Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity

March 3, 2022

GRAMDOOR is a backdoor written in Python that uses the Telegram Bot API to communicate over HTTP with the Telegram server. Supported commands include command execution via cmd.exe.

STARWHALE is a Windows Script File (WSF) backdoor that communicates via HTTP. Supported commands include shell command execution and system information collection.

STARWHALE.GO is a backdoor written in the Go programming language that communicates via HTTP. It can execute shell commands and collect system information, such as the local IP address, computer name, and username.

CRACKMAPEXEC is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.
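Because GRAMDOOR talks to the Telegram Bot API, one place to hunt for it is web proxy telemetry. The following is an added detection example, not code from the original report: it flags internal clients that call Bot API endpoints. The log layout (timestamp, client IP, process, verb, target), the sample lines and the function name are constructed assumptions, and full URLs are only visible where the proxy inspects TLS.

```python
import re
from collections import defaultdict

# Constructed sample proxy log (assumed layout: time, client, process, verb, target).
SAMPLE_LOG = """\
2022-03-01T10:00:01Z 10.0.0.5 chrome.exe GET https://web.telegram.org/k/
2022-03-01T10:00:07Z 10.0.0.9 pythonw.exe POST https://api.telegram.org/bot0000000000:CONSTRUCTED_TOKEN/getUpdates
2022-03-01T10:00:37Z 10.0.0.9 pythonw.exe POST https://api.telegram.org/bot0000000000:CONSTRUCTED_TOKEN/sendMessage
2022-03-01T10:01:00Z 10.0.0.7 svc.exe CONNECT api.telegram.org:443
2022-03-01T10:02:00Z 10.0.0.5 chrome.exe GET https://example.com/bot/readme
"""

# Bot API calls have the form https://api.telegram.org/bot<id>:<secret>/<method>.
BOT_CALL = re.compile(r"^https://api\.telegram\.org/bot(\d+):[\w-]+/(\w+)")
# Without TLS inspection only the tunnel destination is logged.
TUNNEL = re.compile(r"^api\.telegram\.org(:443)?$")

def find_bot_api_clients(log_text):
    """Return {client_ip: {processes, bot_ids, methods}} for Bot API traffic."""
    hits = defaultdict(lambda: {"processes": set(), "bot_ids": set(), "methods": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _ts, client, process, verb, target = parts
        call = BOT_CALL.match(target)
        if call:
            bot_id, method = call.groups()
            # Keep only the numeric bot id; the secret half of the token is dropped.
            hits[client]["bot_ids"].add(bot_id)
            hits[client]["methods"].append(method)
        elif verb == "CONNECT" and TUNNEL.match(target):
            hits[client]["methods"].append("(tunnel only)")
        else:
            continue
        hits[client]["processes"].add(process)
    return dict(hits)

if __name__ == "__main__":
    for client, info in find_bot_api_clients(SAMPLE_LOG).items():
        print(client, sorted(info["processes"]), sorted(info["bot_ids"]), info["methods"])
```

Hits from servers or from hosts with no business reason to run a Telegram bot deserve a look at the originating process; ordinary Telegram web or desktop client traffic does not use the `/bot` endpoints and is not flagged.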