#1280254: Surprised by Cyrus the Great! Disclosure against Iran’s Cyrus attack

Description: https://mp.weixin.qq.com/s/yaLC8gs-U92X6WnYzuuQ7w


Recently, the Qi'anxin Virus Response Center discovered a highly deceptive Android APK attack during routine sample operations. Analysis showed that the target was Iran. Homology analysis further linked the sample to a series of related attacks; because all of the attack samples were themed on Iranian culture, the campaign was named the Cyrus attack.

The name of the APK found this time is "کوروش بزرگ!" (Cyrus the Great!).

Recently discovered mobile app attacks against Iran are undoubtedly closely related to the situation in Iran.

File name: کوروش بزرگ!

Software name: کوروش بزرگ!

Software name translation: Cyrus the Great!

Package name: ir.cheshmac.CyrustheGreat

MD5: F05D8588CF2E8BE9FA6CCAC39A0F7311

Installation icon: (image not preserved in this copy)

To sum up:
Iran has recently been prominent in cyber warfare, both as an attacker and as a defender. In the attacks against Iran described in this article, Iranian culture, geography and similar themes are used as bait or woven into the bait. Such a thorough understanding of Iranian culture reflects long-term preparation by the attackers behind the scenes, and there must be people in the attacking group who know Iranian culture intimately.

This depth of cultural understanding determines how finely the bait is crafted, which in turn affects every subsequent stage of the attack. It is similar to the traditional military idea of penetrating deep into the enemy's camp.

The Qi'anxin Virus Response Center will continue to analyze the latest malicious Android APK attacks and publish updates in a timely manner. At present, all Qi'anxin products can report these attacks.

IOCs:

MD5:

05EAA04BC27DB3AF51215D68A1D32D05

4134CB97B2446654347AB2E1CA2C050F

25A65CBFC9D34F5367ACB5EA2A32E3EF

3C0011DD7F6C9474CDA5FFD52415D4A8

43BD113A0952172BCBA57055F5A707BB

34BE434996B9BC19112F875F0A3711D2

26F655D19358BA5C124BBB705C3778A7

F05D8588CF2E8BE9FA6CCAC39A0F7311

12BEA094932DA9FA51853740FCAA68A1

9D3CA081E7FE27E44707D8634C22FC95

D199C202BEB4380E2F675E93C36CF0F4

E94ED62A28A9FD6F714C3E29B3636788

86DA3A7378E17B51BA83BA3333E86A32

2A0394DA1639AAB6B9FEA26C93EEBE07

CC88F21406EAEED70A890F53E57C98B6

4567824A45A818BC389D7EEAE3C7B678

155316526FF476698494E90EFC1127BC

C2 address:

www.firmwaresystemupdate.com

push.lohefeshordeh.net

www.ychatonline.net

www.appsoftupdate.com

More info: https://mp.weixin.qq.com/s/yaLC8gs-U92X6WnYzuuQ7w

Date added Oct. 9, 2019, 1 p.m.
Source Weixin
  • All New Malware or Attack Alerts - New Reports / IOCs in
  • APTs - Advanced Persistent Threats - New Reports in
  • APTs - Iran - New Reports in
  • Iran - Domestic Kitten
  • Mobile Malware and Threats - Various
  • Mobile Malware - New Reports in
  • News Iran
  • News Middle East - Various