rdincel1 / APT34_Leaked-Code

This is the leaked code - verification needed

https://gbhackers.com/apt-34-hackers/

This leak against APT34 on Telegram contains malware source code, a PowerShell payload, a server-side module (the C2, written in Node.js), and an ASP web shell dubbed “HighShell” that has more than 30k lines of code. The data has been leaking since March 26 on Telegram, released as an archive file with source code by an unknown individual from the Dookhtegan group.

Feb 2020 Update

APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.

The Fox Kitten Toolset

The initial infection vector has been the exploitation of recently disclosed vulnerabilities in different VPN services such as Pulse Secure VPN, Fortinet VPN and GlobalProtect by Palo Alto Networks.

Below are the TTPs used by APT34, unverified (by ClearSky): https://www.clearskysec.com/

[Three images of the TTPs; not preserved in this copy.]