Cadelle

๐Ÿ”ด High
Also known as: Cadelle

Symantec telemetry identified Cadelle and Chafer activity dating from as far back as July 2014, however, itโ€™s likely that activity began well before this date. Command-and-control (C&C) registrant information points to activity possibly as early as 2011, while executable compilation times suggest early 2012. Their attacks continue to the present day. Symantec estimates that each team is made up of between 5 and 10 people.

๐ŸŒ Country Iran
โšก Risk Level High

Introduction

Symantec telemetry identified Cadelle and Chafer activity dating from as far back as July 2014, however, itโ€™s likely that activity began well before this date. Command-and-control (C&C) registrant information points to activity possibly as early as 2011, while executable compilation times suggest early 2012. Their attacks continue to the present day. Symantec estimates that each team is made up of between 5 and 10 people.

Activities and Tactics

Country of Origin: ๐Ÿ‡ฎ๐Ÿ‡ท Iran

Risk Level: High

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Back Orifice
  • Back Orifice 2000

Attribution and Evidence

Country of Origin: Iran Additional attribution information pending cataloguing.

References

References pending cataloguing.