{"id":20470,"date":"2012-11-29T22:50:27","date_gmt":"2012-11-30T06:50:27","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=20470"},"modified":"2024-02-19T00:14:55","modified_gmt":"2024-02-19T08:14:55","slug":"narilam-trojan-targets-iranian-financial-software","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/","title":{"rendered":"Narilam Trojan Targets Iranian Financial Software"},"content":{"rendered":"<p>Iranian infrastructure has been on the radar of cyberattackers for a couple of years. We have already witnessed organized and sophisticated attacks such as Stuxnet, Duqu, and similar assaults. Now we have seen yet another attack against Iran, this one primarily targeting the Microsoft SQL Server databases of some Iranian financial software. This attack has been named Narilam because one of the financial applications it targets is called Maliran.<\/p>\n<p>We have analyzed several samples of this malware, one of which was about 2MB. From the binaries&#8217; headers, it looks as though this attack has been going on for a while: The Trojan was compiled with Borland C++ in 2010.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=20474\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-20474\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/11\/timestamp.png\" alt=\"\" width=\"446\" height=\"178\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/timestamp.png 557w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/timestamp-300x119.png 300w\" sizes=\"auto, (max-width: 446px) 100vw, 446px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>One sample, first seen in June 2012, has a timestamp of July 2002.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=20484\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-20484\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/11\/timestamp3.png\" alt=\"\" width=\"428\" height=\"160\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/timestamp3.png 594w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/timestamp3-300x112.png 300w\" sizes=\"auto, (max-width: 428px) 100vw, 428px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>Although these headers could have been faked, while analyzing the code we found the date April 25, 2010, which leads us to believe that this threat has existed for more than two years.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=20485\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-20485\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/11\/timestamp4.png\" alt=\"\" width=\"409\" height=\"184\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/timestamp4.png 454w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/timestamp4-300x134.png 300w\" sizes=\"auto, (max-width: 409px) 100vw, 409px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"http:\/\/certcc.ir\/index.php?name=news&amp;file=article&amp;sid=2252\">The Iranian CERT team<\/a> has published an alert for this malware, indicating that Narilam has been known since 2010 by a different name.<\/p>\n<h2><strong>Narilam Targets<\/strong><\/h2>\n<p>The installation process of this malware is fairly standard in creating the start-up registry entries and copying itself as lsass.exe into the system directory. It targets certain SQL databases and tables of the following Iranian finance and banking software.<\/p>\n<ul>\n<li>Maliran (integrated financial and applications software)<\/li>\n<li>Shahd (integrated financial, commercial, and retail software)<\/li>\n<li>Amin (banking software)<\/li>\n<\/ul>\n<p>Narilam checks for the presence of these software and exits the infected systems if it does not find them.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=20487\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-20487\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/11\/12.png\" alt=\"\" width=\"500\" height=\"466\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/12.png 500w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/12-300x279.png 300w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>Although the malware code doesn&#8217;t seem to employ any sophisticated techniques compared with its predecessors, it can connect to the specific databases via OLE DB and send SQL queries to update or delete records and drop certain tables with specific names. Here are some of the SQL queries that we&#8217;ve found in the code:<\/p>\n<ul>\n<li><strong>Update<\/strong> Asnad Set SanadNo=@SanadNo1,LastNo=@SanadNo1,FirstNo=@SanadNo1 Where Cast(SanadNo as int)=@SanadNo and Raj=@Raj<\/li>\n<li><strong>Set<\/strong> @SanadNo=(select Max(Cast(sellercod As int )) from A_Sellers<\/li>\n<li><strong>Delete<\/strong> from A_Sellers Where Cast(sellercod as int)=@SanadNo<\/li>\n<li><strong>Update<\/strong> A_TranSanj Set Tranid=@SanadNo1 Where Cast(Tranid as int)=@SanadNo and Raj=@Raj<\/li>\n<li><strong>Delete<\/strong> from Koll Where Cast(Koll as int)=@SanadNo<\/li>\n<li><strong>Delete<\/strong> from Moein Where Cast(Moein as int)=@SanadNo<\/li>\n<li><strong>Drop<\/strong> table Holiday_1<\/li>\n<li><strong>Set<\/strong> @SanadNo=Round(@SanadNo * (SELECT RAND(@IDLE)),0,0<\/li>\n<li><strong>Set<\/strong> @Raj=(select Max(Raj) from R_DetailFactoreForosh Where Cast(SanadNoForosh as int)=@SanadNo<\/li>\n<li><strong>Update<\/strong> R_DetailFactoreForosh Set SanadNoForosh=@SanadNo1 Where Cast(SanadNoForosh as int)=@SanadNo and Raj=@Raj<\/li>\n<\/ul>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=20488\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-20488\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/11\/21.png\" alt=\"\" width=\"577\" height=\"257\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/21.png 801w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/21-300x134.png 300w\" sizes=\"auto, (max-width: 577px) 100vw, 577px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>Here are the some of the database tables that Narilam targets for updating and deleting records:<\/p>\n<ul>\n<li>Holiday_1<\/li>\n<li>Holiday_2<\/li>\n<li>A_Sellers<\/li>\n<li>A_TranSanj<\/li>\n<li>Koll<\/li>\n<li>R_DetailFactoreForosh<\/li>\n<li>Moein<\/li>\n<li>Tafsily<\/li>\n<li>Vamghest<\/li>\n<\/ul>\n<p>Some of the table names dropped from the database:<\/p>\n<ul>\n<li>Holiday_1<\/li>\n<li>Holiday_2<\/li>\n<li>A_Sellers<\/li>\n<\/ul>\n<p>Next we see the portion of the code where it tries to access SQL Server&#8217;s sysobjects table:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=20489\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-20489\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/11\/31.png\" alt=\"\" width=\"547\" height=\"326\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/31.png 608w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/31-300x178.png 300w\" sizes=\"auto, (max-width: 547px) 100vw, 547px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>The binary also contains the following sequence to further corrupt the database with random values:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=20492\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-20492\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/11\/5.png\" alt=\"\" width=\"547\" height=\"251\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/5.png 608w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/5-300x137.png 300w\" sizes=\"auto, (max-width: 547px) 100vw, 547px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>All the financial and banking software targeted by this malware are products of the Iranian company Tarrah Systems, which issued a warning on its website about W32.Narilam a couple of days ago. The company asked its customers to use the backups of their databases if they are using the targeted products.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/?attachment_id=20491\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-20491\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2012\/11\/42.png\" alt=\"\" width=\"692\" height=\"172\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/42.png 989w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2012\/11\/42-300x74.png 300w\" sizes=\"auto, (max-width: 692px) 100vw, 692px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>While analyzing several similar samples of this malware, it seems this code was written to corrupt and delete databases accessed by these software, thereby causing potential financial losses to users. Possible targets of Narilam are corporations and banks that are likely to have these applications installed. We recommend that users of these systems regularly back up their systems, and avoid any kind of disturbance.<\/p>\n<p>McAfee detects this malware as Generic.Backdoor.wc. McAfee customers with the latest antivirus definitions are already protected against these attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iranian infrastructure has been on the radar of cyberattackers for a couple of years. We have already witnessed organized and&#8230;<\/p>\n","protected":false},"author":1088,"featured_media":102121,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[3944,338,180,18],"coauthors":[786],"class_list":["post-20470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs","tag-antivirus","tag-endpoint-protection","tag-malware","tag-network-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Narilam Trojan Targets Iranian Financial Software | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Iranian infrastructure has been on the radar of cyberattackers for a couple of years. We have already witnessed organized and sophisticated attacks such\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Narilam Trojan Targets Iranian Financial Software | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Iranian infrastructure has been on the radar of cyberattackers for a couple of years. We have already witnessed organized and sophisticated attacks such\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2012-11-30T06:50:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-19T08:14:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"768\" \/>\n\t<meta property=\"og:image:height\" content=\"432\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chintan Shah\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chintan Shah\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/\"},\"author\":{\"name\":\"Chintan Shah\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/48a67aca4e443a833854424927b55569\"},\"headline\":\"Narilam Trojan Targets Iranian Financial Software\",\"datePublished\":\"2012-11-30T06:50:27+00:00\",\"dateModified\":\"2024-02-19T08:14:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/\"},\"wordCount\":687,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg\",\"keywords\":[\"antivirus\",\"endpoint protection\",\"malware\",\"network security\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/\",\"name\":\"Narilam Trojan Targets Iranian Financial Software | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg\",\"datePublished\":\"2012-11-30T06:50:27+00:00\",\"dateModified\":\"2024-02-19T08:14:55+00:00\",\"description\":\"Iranian infrastructure has been on the radar of cyberattackers for a couple of years. We have already witnessed organized and sophisticated attacks such\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg\",\"width\":768,\"height\":432},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Narilam Trojan Targets Iranian Financial Software\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/48a67aca4e443a833854424927b55569\",\"name\":\"Chintan Shah\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/4bd41c8738b3a7e04f993101170b3377\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/09\/Chintan-Shah-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/09\/Chintan-Shah-96x96.jpg\",\"caption\":\"Chintan Shah\"},\"description\":\"Chintan Shah is currently working as a Security Researcher with McAfee Intrusion Prevention System team and holds broad experience in the network security industry. He primarily focuses on Exploit and vulnerability research, building Threat Intelligence frameworks, Reverse engineering techniques and malware analysis. Chintan had researched and uncovered multiple targeted and espionage attacks in the past blogging about them. His interests lies in software fuzzing for vulnerability discovery, analyzing exploits, malwares and translating to product improvement.\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/chintan-shah\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Narilam Trojan Targets Iranian Financial Software | McAfee Blog","description":"Iranian infrastructure has been on the radar of cyberattackers for a couple of years. We have already witnessed organized and sophisticated attacks such","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Narilam Trojan Targets Iranian Financial Software | McAfee Blog","og_description":"Iranian infrastructure has been on the radar of cyberattackers for a couple of years. We have already witnessed organized and sophisticated attacks such","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2012-11-30T06:50:27+00:00","article_modified_time":"2024-02-19T08:14:55+00:00","og_image":[{"width":768,"height":432,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg","type":"image\/jpeg"}],"author":"Chintan Shah","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Chintan Shah","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/"},"author":{"name":"Chintan Shah","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/48a67aca4e443a833854424927b55569"},"headline":"Narilam Trojan Targets Iranian Financial Software","datePublished":"2012-11-30T06:50:27+00:00","dateModified":"2024-02-19T08:14:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/"},"wordCount":687,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg","keywords":["antivirus","endpoint protection","malware","network security"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/","name":"Narilam Trojan Targets Iranian Financial Software | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg","datePublished":"2012-11-30T06:50:27+00:00","dateModified":"2024-02-19T08:14:55+00:00","description":"Iranian infrastructure has been on the radar of cyberattackers for a couple of years. We have already witnessed organized and sophisticated attacks such","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Network-of-internet-of-things-attacked-by-a-hacker-on-one-node-3D-illustration-768x432-1.jpg","width":768,"height":432},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/narilam-trojan-targets-iranian-financial-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Narilam Trojan Targets Iranian Financial Software"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/48a67aca4e443a833854424927b55569","name":"Chintan Shah","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/4bd41c8738b3a7e04f993101170b3377","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/09\/Chintan-Shah-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/09\/Chintan-Shah-96x96.jpg","caption":"Chintan Shah"},"description":"Chintan Shah is currently working as a Security Researcher with McAfee Intrusion Prevention System team and holds broad experience in the network security industry. He primarily focuses on Exploit and vulnerability research, building Threat Intelligence frameworks, Reverse engineering techniques and malware analysis. Chintan had researched and uncovered multiple targeted and espionage attacks in the past blogging about them. His interests lies in software fuzzing for vulnerability discovery, analyzing exploits, malwares and translating to product improvement.","url":"https:\/\/www.mcafee.com\/blogs\/author\/chintan-shah\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/20470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/1088"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=20470"}],"version-history":[{"count":1,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/20470\/revisions"}],"predecessor-version":[{"id":183062,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/20470\/revisions\/183062"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/102121"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=20470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=20470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=20470"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=20470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}