{
  "name": "Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset",
  "slug": "best-laid-plans-ta453-targets-religious-figure-with-fake-podcast-invite-delivering-new-blacksmith-malware-toolset",
  "description": "Proofpoint security researchers identified an Iranian threat group known as TA453 targeting a prominent religious figure through a sophisticated social engineering campaign. The threat actors impersonated a legitimate organization and invited the target to participate in a podcast interview. Once the target engaged with the malicious links, the campaign attempted to deliver a new malware toolkit called BlackSmith, which included a PowerShell trojan dubbed AnvilEcho by Proofpoint. The malware is designed for intelligence gathering and exfiltration, bundling various capabilities previously observed in separate TA453 malware modules into a single script.",
  "published": "2024-08-20T13:17:45+00:00",
  "created_at": "2024-08-20T13:17:45+00:00",
  "modified_at": "2024-08-20T13:55:51+00:00",
  "created_at_opencti": "2024-08-20T13:17:45+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-08-20",
    "anvilecho",
    "blacksmith",
    "iran",
    "social engineering"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "understandingthewar.org"
      },
      {
        "id": "",
        "name": "deepspaceocean.info"
      },
      {
        "id": "",
        "name": "dcb072061defd12f12deb659c66f40473a76d51c911040b8109ba32bb36504e3"
      },
      {
        "id": "",
        "name": "dc5c963f1428db051ff7aa4d43967a4087f9540a9d331dea616ca5013c6d67ce"
      },
      {
        "id": "",
        "name": "8a47fd166059e7e3c0c1740ea8997205f9e12fc87b1ffe064d0ed4b0bf7c2ce1"
      },
      {
        "id": "",
        "name": "d033db88065bd4f548ed13287021ac899d8c3215ebc46fdd33f46a671bba731c"
      },
      {
        "id": "",
        "name": "5dca88f08b586a51677ff6d900234a1568f4474bbbfef258d59d73ca4532dcaf"
      },
      {
        "id": "",
        "name": "574fc53ba2e9684938d87fc486392568f8db0b92fb15028e441ffe26c920b4c5"
      },
      {
        "id": "",
        "name": "5aee738121093866404827e1db43c8e1a7882291afedfe90314ec90b198afb36"
      },
      {
        "id": "",
        "name": "258d9d67e14506b70359daabebd41978c7699d6ce75533955736cdd2b8192c1a"
      }
    ],
    "malware": [
      {
        "id": "843c5aee-af04-474f-bb68-b54a596a76b5",
        "name": "AnvilEcho",
        "slug": "anvilecho"
      },
      {
        "id": "legacy:malware:34ae707a963ad8a1",
        "name": "BlackSmith",
        "slug": "blacksmith"
      }
    ],
    "intrusion_sets": [
      {
        "id": "legacy:intrusion:c344618a58d52b62",
        "name": "TA453",
        "slug": "ta453"
      }
    ],
    "attack_patterns": [
      {
        "id": "06e3163e-2f5a-4983-9b07-6e4c5995afac",
        "name": "T1009"
      },
      {
        "id": "32817170-4c07-427e-b8a5-80a733ae2550",
        "name": "T1497"
      },
      {
        "id": "88fa397b-4cc9-42c0-b52d-4108f9630529",
        "name": "T1095"
      },
      {
        "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7",
        "name": "T1555"
      },
      {
        "id": "fc699aef-8931-4a79-8f79-9651be9abd50",
        "name": "T1021"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d",
        "name": "T1053"
      },
      {
        "id": "0b2b1ecd-d52e-492a-af08-050954bc03e5",
        "name": "T1056"
      },
      {
        "id": "ca53b2fa-42a8-45ec-9682-0cf54bf280f3",
        "name": "T1090"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering",
    "https://otx.alienvault.com/pulse/66c4b399655c2a269ff0810f"
  ]
}