{ "Event": { "analysis": "1", "date": "2026-03-11", "extends_uuid": "", "info": "[Threat Intel] Iran conflict drives heightened espionage activity against Middle East targets", "protected": false, "publish_timestamp": "1774048942", "published": true, "threat_level_id": "2", "timestamp": "1774048941", "uuid": "b0dbe9fe-31e8-4c3e-a6e0-e046220ca560", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#2d8ee7", "local": false, "name": "misp-galaxy:producer=\"Proofpoint\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#3d38fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"", "relationship_type": "" }, { "colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": "" }, { "colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": "" }, { "colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": "" }, { "colour": "#3bc6ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"", "relationship_type": "" }, { "colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": "" }, { "colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": "" }, { "colour": "#5780f7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Default Accounts - T1078.001\"", "relationship_type": "" }, { "colour": "#cb2725", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Right-to-Left Override - T1036.002\"", "relationship_type": "" }, { "colour": "#1b0fe1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"", "relationship_type": "" }, { "colour": "#454726", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"", "relationship_type": "" }, { "colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": "" }, { "colour": "#4a5d84", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Services - T1583.006\"", "relationship_type": "" }, { "colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": "" }, { "colour": "#18349e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"One-Way Communication - T1102.003\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": "" }, { "colour": "#e66f0c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Accounts - T1078.002\"", "relationship_type": "" }, { "colour": "#7d37d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"", "relationship_type": "" }, { "colour": "#ad3992", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1584.004\"", "relationship_type": "" }, { "colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": "" }, { "colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": "" }, { "colour": "#dedf36", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1584.001\"", "relationship_type": "" }, { "colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": "" }, { "colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#20a667", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": "" }, { "colour": "#4929fe", "local": false, "name": "misp-galaxy:target-information=\"Iraq\"", "relationship_type": "" }, { "colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Syria\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Charming Kitten\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT35\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT42\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773658840", "to_ids": false, "type": "link", "uuid": "a47dc665-c968-4786-88f3-a1542c3960f8", "value": "https://www.proofpoint.com/us/blog/threat-insight/iran-conflict-drives-heightened-espionage-activity-against-middle-east-targets" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1773658840", "to_ids": false, "type": "text", "uuid": "0b977012-f5a2-45c2-926f-6d1615d6a132", "value": "The ongoing conflict involving Iran has led to increased cyber espionage activities targeting Middle Eastern governments. Multiple state-sponsored threat actors, including those from China, Belarus, Pakistan, and Hamas, have been observed conducting campaigns using the conflict as a lure. These actors are employing various tactics such as credential phishing, malware delivery, and compromised accounts to target government and diplomatic organizations. The campaigns often use war-themed content to engage targets and gather intelligence on the conflict's trajectory and geopolitical implications. Iranian threat actors continue their traditional espionage efforts alongside disruptive campaigns in support of war efforts. This heightened activity reflects both opportunistic use of topical lures and shifts in intelligence collection priorities for various state-aligned groups." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1773658840", "to_ids": false, "type": "text", "uuid": "93df0868-8425-4759-9643-05268ba1f926", "value": "Name: Iran conflict drives heightened espionage activity against Middle East targets\nAuthor: AlienVault\nAdversary: \nTags: [\"rust backdoor\", \"iran conflict\", \"cobalt strike\", \"phishing\", \"cyber espionage\", \"state-sponsored actors\", \"government targets\"]\nTgtd countries: [\"United States of America\", \"British Indian Ocean Territory\", \"India\", \"Iran, Islamic Republic of\", \"Iraq\", \"Israel\", \"Syrian Arab Republic\"]\nMlwr families: [\"Cobalt Strike - S0154\", \"Rust backdoor\"]\nAttack_ids: [\"T1583\", \"T1204.002\", \"T1566.002\", \"T1566.001\", \"T1553.002\", \"T1140\", \"T1583.001\", \"T1036\", \"T1078.001\", \"T1036.002\", \"T1036.004\", \"T1584\", \"T1102\", \"T1583.006\", \"T1059.001\", \"T1102.003\", \"T1566\", \"T1078\", \"T1027\", \"T1102.002\", \"T1078.002\", \"T1059.006\", \"T1584.004\", \"T1574.002\", \"T1204.001\", \"T1584.001\"]\nIndustries: [\"Government\", \"Defense\"]" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028184", "to_ids": true, "type": "sha256", "uuid": "b459849b-6d92-4913-a8de-5a6d24aaeeb5", "value": "14efa1194cc4c6aa5585d63c032268794364123d41a01121cbd5e56f7c313399", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028186", "to_ids": true, "type": "sha256", "uuid": "555d4d38-2489-481e-bc15-dde8a9845cc2", "value": "4b9661092051839496c04169ccb52b659c0f65cefd14a990e23565a0c0e8eeaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028187", "to_ids": true, "type": "sha256", "uuid": "e1e19adc-e687-45f8-b749-9e7c2a9b3de2", "value": "7b6d69a249fe2adf43eefc31cdeca62cf48ab428fcbf199322feeb99d24fb001", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028188", "to_ids": true, "type": "sha256", "uuid": "8ab20277-5f40-4de8-80e0-a8282626f63a", "value": "9477d9cd1435dc465b4047745e9c71103a114d65ed0d5f02ac3c97ac3f1dbf47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028190", "to_ids": true, "type": "sha256", "uuid": "ed9122a8-7c63-41bf-81df-3ebeaa80c503", "value": "a8acb9864e6f64323ed75e69038ca9bfe76f7b1b0d24ec7df8ac07b6dbd641a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028191", "to_ids": true, "type": "sha256", "uuid": "133be686-8193-46c9-b47f-ab7938fe30ea", "value": "a9f4f4bc12896d0f0d2eeff02dd3e3e1c1406d8a6d22d59aa85f151d806ba390", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028192", "to_ids": true, "type": "sha256", "uuid": "06e8eee3-584f-4fc9-8c0f-c2a72769df6e", "value": "b58ec14b0119182aef12d153280962ad76c30e3cd67533177d55481704eba705", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028193", "to_ids": true, "type": "sha256", "uuid": "444eafd7-d8c2-41fc-8ab7-43f042c236c8", "value": "d518262dd687a48f273966853f3ed4eb7404eb918b165bb71ff83f75962c0104", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028195", "to_ids": true, "type": "sha256", "uuid": "06cd2d4a-0813-4aad-94a2-e4eaf12c8fb5", "value": "dfaaaf75147afbd57844382c953ec7ef36f68a9c17c66a47a847279a6b1109c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028196", "to_ids": true, "type": "sha256", "uuid": "b76e1cea-e598-40dd-992d-b0f7960e426d", "value": "ea1d98a41ad9343d017fa72f4baeeca0daa688bec6e0508e266c5e37e9d330de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:21/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1774028197", "to_ids": true, "type": "sha256", "uuid": "12e36a54-e10b-4953-b80c-68a2065176f1", "value": "fed6ebb87f7388adf527076b07e81dfa432bac4e899b0d7af17b85cc0205ffad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774032939", "to_ids": true, "type": "url", "uuid": "96f77e81-d73b-4589-9d0b-9ddc39241a30", "value": "https://deepdive.hypernas.com/hypernas/api/page.php?uid=", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774032961", "to_ids": true, "type": "url", "uuid": "6bd47ef3-f619-4798-90cf-fe414f94b82d", "value": "https://defenceprodindia.site/server.php?file=Reader_en_install", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774032982", "to_ids": true, "type": "url", "uuid": "311bc7a1-d80e-4316-8f83-84ca3d244b8d", "value": "https://iran.dashboard.1drvms.store/errors/sessionerrors/expire?client=", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033004", "to_ids": true, "type": "url", "uuid": "6b9ba535-0483-4c3c-add2-e76836c70175", "value": "https://iran.dashboard.1drvms.store/errors/sessionerrors/expire?client=[redacted]", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033026", "to_ids": true, "type": "url", "uuid": "902bc8cd-8b54-4730-9b07-693cfea0312f", "value": "https://mail.iwsmailserver.com/owa/auth/logon.aspx?uid=", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033047", "to_ids": true, "type": "url", "uuid": "ed2e14fc-c80b-4d65-bc63-62aace83bce5", "value": "https://unityprogressall.org/imagecontent/getimgcontent.php?id=", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033069", "to_ids": true, "type": "domain", "uuid": "5d126c2f-61e3-43c1-965f-f241f4e391ce", "value": "1drvms.store", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033090", "to_ids": true, "type": "domain", "uuid": "41c7f1ce-1048-46fa-8177-5a58e586fcb0", "value": "almersalstore.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033112", "to_ids": true, "type": "domain", "uuid": "5d98cb49-d8f9-48b6-9cc6-001fa651c8b1", "value": "defenceprodindia.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033133", "to_ids": true, "type": "domain", "uuid": "d435e822-1e83-4967-b606-3389778f49c4", "value": "iwsmailserver.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033155", "to_ids": true, "type": "domain", "uuid": "fe7a2a7f-7ce0-403f-a98e-bd26bd8a1c4e", "value": "transfergocompany.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033176", "to_ids": true, "type": "domain", "uuid": "6e06bc72-4b15-4468-b8d0-fef8b3ecc32a", "value": "unityprogressall.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033199", "to_ids": true, "type": "domain", "uuid": "7530f77a-f4c5-47f8-987e-e4d7a9b86e4d", "value": "med.gov.sy", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033220", "to_ids": true, "type": "domain", "uuid": "fe12dbeb-358f-4485-bad4-41d95cb33ea3", "value": "mofa.gov.iq", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033241", "to_ids": true, "type": "domain", "uuid": "021e9715-ec58-4ffe-a8cf-aa3e022468af", "value": "denika.se", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033263", "to_ids": true, "type": "domain", "uuid": "a71583c4-c3ff-408e-ab3f-96711da88fb8", "value": "elcat.kg", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033284", "to_ids": true, "type": "hostname", "uuid": "83bd10c5-2d20-4f78-a048-6c5ad3f195f2", "value": "deepdive.hypernas.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033306", "to_ids": true, "type": "hostname", "uuid": "5d0b24e8-9954-4d61-a5ae-f1782f4ca83e", "value": "iran.dashboard.1drvms.store", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033327", "to_ids": true, "type": "hostname", "uuid": "ea4a34fb-3e3d-453c-ae92-b1450b174ebf", "value": "mail.iwsmailserver.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033349", "to_ids": true, "type": "hostname", "uuid": "dd616b86-5b01-4ca2-9d1f-0601bdf465e9", "value": "support.almersalstore.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033370", "to_ids": true, "type": "hostname", "uuid": "999f0ef6-5112-4f01-a72f-3a16782006c6", "value": "war.analyse.ltd", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774009428", "to_ids": true, "type": "email-src", "uuid": "6ff08f00-3b5d-4347-a17b-cf06264b01c1", "value": "uzbembish@elcat.kg" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774009428", "to_ids": true, "type": "email-src", "uuid": "c594bbf9-7efb-423a-934a-260b9d5e859a", "value": "ban.ali@mofa.gov.iq" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774009428", "to_ids": true, "type": "email-src", "uuid": "67c54cd0-2188-456b-ad4d-4772f0c2210a", "value": "nqandeel04@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774009428", "to_ids": true, "type": "email-src", "uuid": "16e31f02-8a9a-4d6b-8cdb-acc0f8e5854b", "value": "maria.tomasik@denika.se" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033392", "to_ids": true, "type": "ip-dst", "uuid": "714439bd-5bef-4165-b46e-66eb6e0db4b4", "value": "72.60.90.32", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774009428", "to_ids": true, "type": "email-src", "uuid": "dd10a927-6ded-480f-9f16-34cb2f39d90b", "value": "war.analyse.ltd@outlook.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774009428", "to_ids": true, "type": "email-src", "uuid": "4c4b9a48-205d-445d-abd0-ac3827a18ce3", "value": "ali.mo@med.gov.sy" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774009428", "to_ids": true, "type": "email-src", "uuid": "e5cccd2b-afcd-4cd4-943b-230527d9dfc9", "value": "jscop.mea.gov.in@outlook.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033413", "to_ids": true, "type": "url", "uuid": "f587c9a7-a179-4470-b633-f973fe86ecee", "value": "https://endpoint1-b0ecetbuabcdg9cp.z01.azurefd.net:443/download.php?file=cnVzdHVwaW5pdA", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033434", "to_ids": true, "type": "hostname", "uuid": "c00135ea-0f5e-4d2c-b254-97bc45b9e03a", "value": "endpoint1-b0ecetbuabcdg9cp.z01.azurefd.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774009428", "to_ids": true, "type": "email-src", "uuid": "d5274fd8-14bb-4c83-982b-986a5252d499", "value": "mcmanus.michael@hotmail.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1774033456", "to_ids": true, "type": "url", "uuid": "93fb9d18-9b59-4295-8d73-6f77797741d0", "value": "https://1drv.ms/b/c/cbec61ab8028f986/IQDa9igU3D3BRqiyNtth76AzAbOM6jUpa8apnuRl-zKXKow?e=E8bIfd", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774033477", "uuid": "21b6a0e2-98b9-483c-ae78-550b94baa752", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774033477", "to_ids": true, "type": "md5", "uuid": "3b9c8a31-4e90-490c-890b-a8e6cb9ad8a1", "value": "0456842d1af5760356e52db387f8897f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774028181", "to_ids": true, "type": "sha1", "uuid": "4bb95ba4-22c8-43e1-8d19-b46c638c734f", "value": "60344a3a5ad950450cd798f585571d29f13f2dbb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774028181", "to_ids": true, "type": "sha256", "uuid": "bb219bb5-9d7a-4154-9983-8d6b2b741db1", "value": "a9de383c6a1b00c9bd5a09ef87440d72ec7fc4bcd781207b3cace2f246788d4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774027186", "to_ids": true, "type": "ssdeep", "uuid": "fb3eec97-1751-4f1d-b245-1a95c2a4f739", "value": "24576:0DNmNOI4I+7nBxpcTksXWxQuD0yvXSqL2fkFWyBqtlVM7QpNd71oPib4bG:YNmQ37rfpVsXf20UL3W0qG7+d716ibyG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774027186", "to_ids": false, "type": "size-in-bytes", "uuid": "e9fbdbc1-3456-41eb-a791-ae8a7542e079", "value": "1516949" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774027186", "to_ids": true, "type": "vhash", "uuid": "44242fc7-6601-46df-ab6b-69bdc587159b", "value": "603a3ee597b9d63d92a9d2311ec39cfb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1774027186", "to_ids": true, "type": "filename", "uuid": "16b9e13a-7a9c-44a7-ad01-b2032943fd9d", "value": "Strike at Gulf oil and gas facilities.zip" }, { "category": "Other", "comment": "Checked: 21/03/2026\nLast-scan\t: 20/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774027186", "to_ids": false, "type": "text", "uuid": "2606ade3-31ec-43a4-a54f-e1f733779fdd", "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:5/66\nFirst Submission:2026-03-03T16:46:06.000000+00:00\nLast Submission:2026-03-03T16:46:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1774033498", "uuid": "6b18cc81-3822-497f-9dfa-397492300c72", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1774033498", "to_ids": true, "type": "md5", "uuid": "25c3af1e-2210-41d7-9067-8b3ea391ae1c", "value": "e1e8717b8de67e13df9037982a548f99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1774028183", "to_ids": true, "type": "sha1", "uuid": "52c14bfc-15a5-4445-93fd-d038a0f30b30", "value": "9a1555294bddb15e32b28f3affa03fcbcec3f9e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1774028183", "to_ids": true, "type": "sha256", "uuid": "25f49db4-2464-4ba0-a702-6bb8a5e7501e", "value": "16db04b632668dae081359fc07c97e5a9b79dad61713642e48b494aa6b7828be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#260093", "local": false, "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1774027243", "to_ids": true, "type": "ssdeep", "uuid": "48d817ae-1fe5-4592-aa6a-6d5c75f0c12d", "value": "6144:7itzyyyQm9sCZEWnVEMrC5lKgsQDFIE5XWgA0Tx:7itzyyyzdCMmSDQDDTAo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1774027243", "to_ids": false, "type": "size-in-bytes", "uuid": "72954e06-6b67-4c1c-97b6-5390d0d26387", "value": "248357" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1774027243", "to_ids": true, "type": "vhash", "uuid": "04b1eb98-1ce7-40e4-abeb-15b4e3fd5eb6", "value": "919679f474f52f8f27eb01d7d4a3ada2c" }, { "category": "Other", "comment": "Checked: 21/03/2026\nLast-scan\t: 19/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1774027243", "to_ids": false, "type": "text", "uuid": "28c9ecc4-62f3-4c43-837a-f68057db7d9a", "value": "Type Description: PDF\nMicrosoft: None\nVT Total Detection:0/63\nFirst Submission:2026-03-11T16:44:57.000000+00:00\nLast Submission:2026-03-11T16:44:57.000000+00:00" } ] } ] } }