ICNA have found a mysterious Iranian hacking team called the “Iran Malware Team”. We have not heard of them before and would like to know more.
They have a website at iranmalware.team and their site shows they appear to be buying malware from anywhere and also have malware for sale. They openly state on the website that Iranian malware development is improving and implies that they are involved in social engineering targets to use malware. The group want to combat foreign involvement against Iranian malware development.
The website states “death to the hypocrites and infidels” and shows a page with a link to products they say are for sale, with a link to what appears to be a sample of their malware. The team state that their RAT –Remote Access Trojan– which targets Windows systems, has the typical features of a RAT -and they state that it is like the popular RAT called Poison Ivy– including remote file access and webcam control of a target, with encrypted communications between the victim and controller. Their RAT is said to be compatible with Metasploit.
There are no other links from the site, but there are three contacts by the names of bl4ck_ripp4r, dr0pp3r and sup3rh4cks and their email addresses are: