{
  "Event": {
    "analysis": "1",
    "date": "2026-04-06",
    "extends_uuid": "",
    "info": "[Threat Intel] Seqrite: Advisory: Middle East Conflict & Cyber Escalation",
    "protected": false,
    "publish_timestamp": "1776070465",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1775975067",
    "uuid": "5b145dca-23a6-4251-b2c4-812e0cf9a36f",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#57356b",
        "local": false,
        "name": "misp-galaxy:producer=\"Seqrite\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"iran\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"israel\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"united states of america\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#150050",
        "local": false,
        "name": "rectifyq:sub-category=\"report\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775530812",
        "to_ids": false,
        "type": "link",
        "uuid": "1833dded-7367-489f-a677-a431f4cfcc3b",
        "value": "https://www.seqrite.com/blog/iran-us-israel-cyberwar-2026-analysis/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775530812",
        "to_ids": false,
        "type": "text",
        "uuid": "f850e57b-d1c7-4128-b92d-4e49aa7ec5da",
        "value": "Iran\u2019s cyber ecosystem operates through a layered structure that combines state-directed APT groups (IRGC-linked and MOIS-linked); semi-official contractors and front entities; hacktivist personas and collectives operated by intelligence services; and ideologically aligned foreign collectives operating in parallel. The Stryker Corporation attack on March 11, 2026 marked a significant escalation: a destructive wiper operation against the US, executed without malware by abusing legitimate MDM infrastructure, representing a qualitative shift in Iranian operational capability and willingness to target Western corporate infrastructure."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775530812",
        "to_ids": false,
        "type": "text",
        "uuid": "a1dc1add-571a-4ba9-b680-4e7377032a85",
        "value": "Name: Seqrite: Advisory: Middle East Conflict & Cyber Escalation\nAuthor: AlienVault\nAdversary: Stryker\nTags: [\"apt\", \"muddywater\", \"seedworm\", \"government\", \"iran\", \"stryker\"]\nTgtd countries: []\nMlwr families: []\nAttack_ids: []\nIndustries: [\"Government\"]"
      },
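      {
        "category": "Attribution",
        "comment": "Adversary (label carried over from the source feed; this event's description appears to name Stryker Corporation as the attacked organisation, so confirm before using this value for attribution or actor correlation)",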
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775530812",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "c5d4cde8-d1d5-4702-a170-56bb359d4dfc",
        "value": "Stryker"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775974526",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "2b0e0ef1-1c5d-446d-9a46-175f02e812ab",
        "value": "172.81.60.97",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775530812",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "17cd9b72-5faf-46cf-8e30-18ab0ff1bcc4",
        "value": "CVE-2017-7921"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775530812",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "269f7829-2ebd-4f92-8154-7af71cc03427",
        "value": "CVE-2023-6895"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775974547",
        "to_ids": true,
        "type": "domain",
        "uuid": "e863f334-1986-4211-bb07-19790a134e7f",
        "value": "e-kflower.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775974568",
        "to_ids": true,
        "type": "domain",
        "uuid": "2edaf0e7-d9ef-4e19-90c5-3fd126c5c8d9",
        "value": "filebulldogs.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775974589",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a8755c61-2679-457a-b5a0-fc25c611f7a6",
        "value": "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}