Who are the Iran Malware Team?

ICNA have found a mysterious Iranian hacking team called the “Iran Malware Team”. We have not heard of them before and would like to know more.

They have a website at iranmalware.team, and the site suggests they are buying malware from anywhere and also have malware for sale. They openly state on the website that Iranian malware development is improving, and they imply that they are involved in social-engineering targets into using malware. The group want to combat foreign involvement against Iranian malware development.

The website states “death to the hypocrites and infidels” and shows a page with a link to products they say are for sale, with a link to what appears to be a sample of their malware. The team state that their RAT (Remote Access Trojan), which targets Windows systems, has the typical features of a RAT, and they state that it is like the popular RAT called Poison Ivy, including remote file access and webcam control of a target, with encrypted communications between the victim and controller. Their RAT is said to be compatible with Metasploit.

There are no other links from the site, but there are three contacts by the names of bl4ck_ripp4r, dr0pp3r and sup3rh4cks and their email addresses are:

ICNA has not seen these handles before and we have tried contacting them for an interview but have so far heard nothing from them. Are they perhaps another group linked to the state?
ICNA would be happy to publish the results of patriotic Iranian hackers who want to reverse-engineer the malware and report their findings before we do; the race is on!
