I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation

    Date: 08/30/2024

    Severity: Medium

    Summary

    "I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation" reveals details about a covert Iranian counterintelligence operation aimed at surveilling and infiltrating foreign entities. The operation involves sophisticated tactics to gather intelligence and disrupt activities of targeted individuals or organizations. This investigation sheds light on the methods used by Iranian operatives to conduct espionage and highlights the broader implications for international security and intelligence efforts.

    Indicators of Compromise (IOC) List

    URL/Domain

    kandovani.org

    opthrltd.me

    optimax-hr.com

    darakeh.me

    optimac-hr.com

    topwor4u.com

    beparas.com

    golanjobs.me

    dreamy-jobs.com

    parasil.me

    joinoptimahr.com

    dreamy-job.com

    IP Address

    67.227.226.240

    34.98.99.30

    37.48.65.143

    199.59.243.226

    76.223.54.146

    170.178.183.18

    13.248.169.48

    104.21.18.134

    99.83.154.118

    91.195.240.12

    165.232.142.149

    199.188.206.50

    199.59.243.225

    103.224.182.210

    78.142.29.185

    172.234.25.151

    74.119.239.234

    150.95.255.38

    93.115.28.104

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    URL/Domain

    userdomainname like "kandovani.org" or url like "kandovani.org" or userdomainname like "opthrltd.me" or url like "opthrltd.me" or userdomainname like "optimax-hr.com" or url like "optimax-hr.com" or userdomainname like "darakeh.me" or url like "darakeh.me" or userdomainname like "optimac-hr.com" or url like "optimac-hr.com" or userdomainname like "topwor4u.com" or url like "topwor4u.com" or userdomainname like "beparas.com" or url like "beparas.com" or userdomainname like "golanjobs.me" or url like "golanjobs.me" or userdomainname like "dreamy-jobs.com" or url like "dreamy-jobs.com" or userdomainname like "parasil.me" or url like "parasil.me" or userdomainname like "joinoptimahr.com" or url like "joinoptimahr.com" or userdomainname like "dreamy-job.com" or url like "dreamy-job.com"

    IP Address

    dstipaddress IN ("67.227.226.240","34.98.99.30","37.48.65.143","199.59.243.226","76.223.54.146","170.178.183.18","13.248.169.48","104.21.18.134","99.83.154.118","91.195.240.12","165.232.142.149","199.188.206.50","199.59.243.225","103.224.182.210","78.142.29.185","172.234.25.151","74.119.239.234","150.95.255.38","93.115.28.104") or ipaddress IN ("67.227.226.240","34.98.99.30","37.48.65.143","199.59.243.226","76.223.54.146","170.178.183.18","13.248.169.48","104.21.18.134","99.83.154.118","91.195.240.12","165.232.142.149","199.188.206.50","199.59.243.225","103.224.182.210","78.142.29.185","172.234.25.151","74.119.239.234","150.95.255.38","93.115.28.104") or publicipaddress IN ("67.227.226.240","34.98.99.30","37.48.65.143","199.59.243.226","76.223.54.146","170.178.183.18","13.248.169.48","104.21.18.134","99.83.154.118","91.195.240.12","165.232.142.149","199.188.206.50","199.59.243.225","103.224.182.210","78.142.29.185","172.234.25.151","74.119.239.234","150.95.255.38","93.115.28.104") or srcipaddress IN ("67.227.226.240","34.98.99.30","37.48.65.143","199.59.243.226","76.223.54.146","170.178.183.18","13.248.169.48","104.21.18.134","99.83.154.118","91.195.240.12","165.232.142.149","199.188.206.50","199.59.243.225","103.224.182.210","78.142.29.185","172.234.25.151","74.119.239.234","150.95.255.38","93.115.28.104")
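As an added example (not part of the Gurucul advisory and not written in its query language), the following Python script applies the same domain and IP indicators to constructed JSON-per-line log events. It normalizes URL values (scheme, port, trailing dot, mixed case) down to a hostname, then matches on a label boundary, so subdomains of an indicator domain are flagged while look-alike hosts that merely contain the string (for instance dreamy-jobs.com.example.org) are not; IP values are parsed before comparison so malformed strings never match. The field names mirror the queries above; the log lines are constructed sample data.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Indicator values taken from the advisory's IOC list above.
IOC_DOMAINS = {
    "kandovani.org", "opthrltd.me", "optimax-hr.com", "darakeh.me",
    "optimac-hr.com", "topwor4u.com", "beparas.com", "golanjobs.me",
    "dreamy-jobs.com", "parasil.me", "joinoptimahr.com", "dreamy-job.com",
}
IOC_IPS = {
    "67.227.226.240", "34.98.99.30", "37.48.65.143", "199.59.243.226",
    "76.223.54.146", "170.178.183.18", "13.248.169.48", "104.21.18.134",
    "99.83.154.118", "91.195.240.12", "165.232.142.149", "199.188.206.50",
    "199.59.243.225", "103.224.182.210", "78.142.29.185", "172.234.25.151",
    "74.119.239.234", "150.95.255.38", "93.115.28.104",
}

# Event fields to inspect, mirroring the TDIR queries above.
DOMAIN_FIELDS = ("userdomainname", "url")
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")


def extract_host(value):
    """Return the lowercase hostname from a bare domain or a full URL.

    Scheme, port, path, credentials and a trailing dot are stripped so that
    'HTTPS://Sub.Kandovani.ORG.:443/x' and 'sub.kandovani.org' compare equal.
    """
    if not value:
        return None
    v = value.strip().lower()
    if "://" not in v:
        v = "//" + v  # let urlsplit treat a bare host as the netloc
    host = urlsplit(v).hostname
    return host.rstrip(".") if host else None


def domain_matches(host):
    """True if host equals an indicator domain or is a subdomain of one.

    The suffix check walks label boundaries, so 'dreamy-jobs.com.example.org'
    (a look-alike that merely contains the indicator string) is not a hit.
    """
    if not host:
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in IOC_DOMAINS for i in range(len(labels) - 1))


def ip_matches(value):
    """True if value parses as an IP address that is in the indicator set."""
    try:
        return str(ipaddress.ip_address(value.strip())) in IOC_IPS
    except (ValueError, AttributeError):
        return False


def check_event(event):
    """Return a list of (field, raw_value, matched_value) hits for one event dict."""
    hits = []
    for field in DOMAIN_FIELDS:
        host = extract_host(event.get(field))
        if domain_matches(host):
            hits.append((field, event[field], host))
    for field in IP_FIELDS:
        value = event.get(field)
        if ip_matches(value):
            hits.append((field, value, value.strip()))
    return hits


def scan_log(lines):
    """Parse JSON-per-line events; return (line_no, hits) for every line with a hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip unparseable lines rather than abort the scan
        hits = check_event(event)
        if hits:
            findings.append((n, hits))
    return findings


# Constructed sample events (not from the advisory); private and documentation
# ranges stand in for internal hosts, one line is a deliberate look-alike.
SAMPLE_LOG = """
{"userdomainname": "corp.example.net", "url": "https://intranet.example.net/", "srcipaddress": "10.1.2.3", "dstipaddress": "10.1.2.10"}
{"userdomainname": "corp.example.net", "url": "https://jobs.dreamy-jobs.com/apply?id=7", "srcipaddress": "10.1.2.3", "dstipaddress": "203.0.113.5"}
{"userdomainname": "corp.example.net", "url": "http://cdn.example.org/", "srcipaddress": "10.1.2.4", "dstipaddress": "165.232.142.149"}
{"userdomainname": "corp.example.net", "url": "https://dreamy-jobs.com.example.org/", "srcipaddress": "10.1.2.5", "dstipaddress": "198.51.100.9"}
{"url": "OPTIMAX-HR.COM:443", "publicipaddress": "93.115.28.104"}
"""


def demo():
    """Scan the constructed sample log and return its findings."""
    return scan_log(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for line_no, hits in demo():
        for field, value, matched in hits:
            print(f"line {line_no}: {field}={value!r} matched IOC {matched}")
```

Running the script reports hits on lines 2, 3 and 5 only: the look-alike host on line 4 is skipped because the indicator appears in the middle of the name rather than as a label-boundary suffix. If the production query language performs plain substring matching, that line would be flagged there, which is worth knowing when triaging alerts from the queries above.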

    Reference:

    https://cloud.google.com/blog/topics/threat-intelligence/uncovering-iranian-counterintelligence-operation


    Tags

    CyberEspionage, Iran
