New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Come meet us at Black Hat USA 2025 | Booth 1640
Book a Meeting
Book a Demo
Book a Demo

Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity

March 3, 2022

GRAMDOOR is a backdoor written in Python that uses the Telegram Bot API to communicate over HTTP with the Telegram server. Supported commands include command execution via cmd.exe. STARWHALE is a Windows Script File (WSF) backdoor that communicates via HTTP. Supported commands include shell command execution and system information collection. STARWHALE.GO is a backdoor written in GO programming language that communicates via HTTP. The backdoor can execute shell commands and collect system information, such as local IP address, computer name, and username. CRACKMAPEXEC is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.

Featured Resources

image
blog

AI Threat Detection: Supercharging Cyber Defenses with Intelligence & Scale 

Security teams face an onslaught of ever-evolving threats, bloated alert queues and sprawling attack surfaces.   Manual detection and periodic pen

Read More
cymulate blog
Data Sheet

Automated Exposure Mitigation 

Go beyond validation with automated threat mitigation. Test, detect, and block threats daily to optimize prevention and harden defenses.

Read More
cymulate blog article
blog

Achieve NIS2 Compliance with Security Control Validation 

The original 2016 Network and Information Systems (NIS) Directive aimed to build cybersecurity capabilities across the European Union (EU), mitigate

Read More