Mr.Tekide

Much has been written about Mr.Tekide and his crypters used by APT34 (OilRig) and others. Other organizations have documented information about Mr.Tekide’s tools in ‘celebrated’ cyber attacks against Fortune 500 institutions, governments, educational organizations, and critical infrastructure entities.

Identification

However, identifying Mr.Tekide, his background, locations, and his own words has never been openly accomplished. Many believe that following an individual does not pay dividends. Treadstone 71 demonstrates the alignment of Mr.Tekide to the Iranian government through years of support using crypters such as the iloveyoucrypter, qazacrypter, and njRAT.

Exploits

Information on the exploits of Mr.Tekide is found on information security and research firm sites such as The Citizen Lab out of Canada (https://citizenlab.ca/2016/08/group5-syria/) and in the plethora of reports on OilRig / APT34 collected in MITRE ATT&CK (https://attack.mitre.org/groups/G0049/).

Tracking

Treadstone 71 started tracking Mr.Tekide in the early days of Ashiyane, as we did many of the members associated with this group and those registering for their forums. Soon thereafter, we identified Mr.Tekide yet held back the identity from almost all entities, until now.

Treadstone 71 Adversary Baseball Card

The Treadstone 71 Baseball Card is the first publicly released. The content is detailed. The data may be surprising. The identity validated.

From Mr.Tekide:

I’m proud to have done projects that were done in the Ministry of Defense and I did not continue my software engineering courses, nor did I continue to work in the Ministry of Defense for my own reasons. Also, for the same reason, I was allowed to leave 10 years. I do not have a country and I do not want to stay in Iran! ….

Request for the Files

Should you wish to learn about Mr.Tekide, you will have to provide a valid business address at a minimum. We may still deny access since this is at our complete discretion. Send your business email with Name, Title, Company Name, and full business email using the form below with a brief justification.

Failure to provide any of the data removes consideration. Failure to provide a business address (i.e., non-Hotmail, Outlook, Yahoo, Gmail, Protonmail, mail, etc.) removes consideration.

Each request is addressed individually with files specifically marked for each approved requestor. Access time for pickup is clocked (i.e., expiration date/time) and pickup documented. Approval is not instantaneous and may take up to 24 hours for validation.

Copyright Treadstone 71 2016©

The card is now available at Treadstone 71