Tags
TrojanMalware
References
https://www.proofpoint.com/us/blog/threat-insight/best-laid-plans-ta453-targets-religious-figure-fake-podcast-invite-delivering
Last edited
Aug 21, 2024 3:20 PM
AnvilEcho is a PowerShell-based trojan used by the Iranian threat actor TA453 in cyber espionage campaigns. It is part of a new malware toolkit, BlackSmith, and is designed to enable intelligence gathering and data exfiltration. Unlike previous modular approaches used by TA453, AnvilEcho consolidates all malware capabilities into a single script. It employs encryption and network communication techniques seen in earlier TA453 samples, facilitating stealthy and persistent data collection from compromised systems. Its functionalities focus on evading detection, bypassing SSL/TLS validation, and executing complex obfuscation methods.