Analyzing Iranian Tradecraft: Leveraging Loader Scripts and Telegram for C2
ID: 6fc13811-f834-5c14-bceb-fb212f541d27
STIX ID: report--6fc13811-f834-5c14-bceb-fb212f541d27
Feed Name: Pulsedive Blog
This report analyzes a set of loader scripts and a payload linked to intrusions that use Telegram bots for command-and-control and exfiltration, describing PowerShell/VBScript loaders that retrieve a zip containing smqdservice.exe and Python modules; it includes sample hashes, IOCs, TTP mapping to MITRE ATT&CK, and recommended mitigations for detection and prevention.
