SHA-256 indicator · Confidence: medium · Signal score 99/100
1b39f9b2b96a6586c4a11ab2fdbff8fdf16ba5a0ac7603149023d73f33b84498
First seen: Dec 7, 2024 (552 days before this page was captured)
Last seen: Jun 3, 2026 (9 days before this page was captured)
Source reports: 11
Confidence: 99% (rated medium)
VirusTotal detections: 31/75
Found in 11 reports with medium confidence. Confidence scores are heuristic; verify before acting on results.
Indicator type: SHA-256 file hash (primary identifier for malware samples)
MISP category: Artifacts Dropped
Hash algorithm: SHA256
Confidence: 99%
Signal score: 99 / 100
IDS rule: No
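As an added example, not part of this record or of the feeds it cites, the following Python shows how a practitioner would act on the fields above: validate a bare hex digest by length, compare a file's SHA-1 and SHA-256 against the record (the feed description below quotes a 40-hex value alongside the SHA-256, so both are checked), emit the IOC as a STIX 2.1 indicator bounded by the first/last-seen dates, and apply a staleness policy before pushing it to a blocklist. Only the hash values, dates and confidence are copied from the record; the function names, the 90-day staleness window and the sample bytes are assumptions made for the example.

```python
"""Triage helpers for a file-hash IOC record (added example, not the page's own code)."""
import hashlib
import hmac
import json
import re
import uuid
from datetime import datetime, timezone

# Copied from the record. Everything else in this file (names, thresholds,
# sample bytes) is an assumption made for the example.
RECORD_SHA256 = "1b39f9b2b96a6586c4a11ab2fdbff8fdf16ba5a0ac7603149023d73f33b84498"
RECORD_DESC_HASH = "366e435a1ea0f597deb6ebe7c0c5acdb6e8b33eb"  # 40-hex value from the feed description
FIRST_SEEN = "2024-12-07"
LAST_SEEN = "2026-06-03"
CONFIDENCE = 99

HEX_LENGTHS = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}


def classify_hash(value):
    """Name the digest algorithm a bare hex string can be, judged by length; None if malformed."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        return None
    return HEX_LENGTHS.get(len(v))


def file_digests(data):
    """Lower-case hex SHA-1 and SHA-256 of a byte string (a file read in binary mode)."""
    return {
        "SHA-1": hashlib.sha1(data).hexdigest(),
        "SHA-256": hashlib.sha256(data).hexdigest(),
    }


def matches_record(data, record_hashes):
    """Per-algorithm match of a sample against a record's known hashes.

    Algorithms the record lists but we do not compute are skipped; the
    comparison is case-insensitive and constant-time.
    """
    digests = file_digests(data)
    return {
        algo: hmac.compare_digest(digests[algo], value.strip().lower())
        for algo, value in record_hashes.items()
        if algo in digests
    }


def stix_indicator(sha256, first_seen, last_seen, confidence):
    """Minimal STIX 2.1 Indicator for a SHA-256 file IOC.

    STIX 2.1 requires type, spec_version, id, created, modified, pattern,
    pattern_type and valid_from; confidence (0-100) and valid_until are optional.
    """
    pattern = f"[file:hashes.'SHA-256' = '{sha256.lower()}']"
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        # UUIDv5 over the pattern: re-exporting the same IOC yields the same id.
        "id": "indicator--" + str(uuid.uuid5(uuid.NAMESPACE_URL, pattern)),
        "created": now,
        "modified": now,
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": first_seen + "T00:00:00.000Z",
        "valid_until": last_seen + "T23:59:59.000Z",
        "confidence": confidence,
    }


def is_stale(last_seen, as_of, max_age_days=90):
    """Policy check (assumed threshold): an IOC not seen within max_age_days is stale."""
    fmt = "%Y-%m-%d"
    age = datetime.strptime(as_of, fmt).date() - datetime.strptime(last_seen, fmt).date()
    return age.days > max_age_days


if __name__ == "__main__":
    print(classify_hash(RECORD_SHA256), classify_hash(RECORD_DESC_HASH))
    sample = b"constructed sample bytes, not the real file"  # constructed input
    print(matches_record(sample, {"SHA-256": RECORD_SHA256, "SHA-1": RECORD_DESC_HASH}))
    print(json.dumps(stix_indicator(RECORD_SHA256, FIRST_SEEN, LAST_SEEN, CONFIDENCE), indent=2))
    print("stale:", is_stale(LAST_SEEN, "2026-06-12"))
```

The pattern string follows the STIX 2.1 patterning grammar for file hashes; consumers such as a TAXII server or a SIEM STIX importer will reject a bundle whose `valid_until` precedes `valid_from`, which is why the dates are taken from the record's first/last-seen fields rather than invented.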
Feed Intelligence Summary
Category tags (attached to the 11 source reports in which the hash appears, so a tag is not by itself a claim about this file):
abuse, account, active scan, active scanning, added active, aerospace & defense, alphv, apt, arm, asia, attack, bad reputation, banking, behavioral, bitcoinaddress, blackcat, botnet activity, brute force, brute force attack, civil services, claroty, cobalt strike, code execution, command and control, command associated, command execution, communication technologies, communications networks, config, connected devices, credential access, credential harvesting, credential stuffing, credit card services, critical infrastructure, cross-platform, cryptocurrency, csharp streamer, data exfiltration, data store exposure, ddos, defense, defense contracting, defense logistics, defense systems, defense technology, detect-debug-environment, device management, direct, domains, drive, electronic health records, elf, emergency services, encoded url, energy, energy distribution, energy systems, executable file, exploitation, exploitation activity, file-hash, finance, finance and insurance, financial services, financial systems, financial technology, gas, generatedbotid, geopolitical conflict, ghostfetch, government facilities, government technology, guid, handala, hashes, health care and social assistance, health information technology, healthcare information systems, hello, hmi, hospital management, icedid, icedid brings, icedid loader, identity & access exploitation, impact, indicator, industrial iot, information technology, infrastructure acquisition reconnaissance, initial access, injection activity, inside, internet of things, iocs: bitcoinaddress, iocs: domain, iocs: filehash, iocs: registry, iot, iot analytics, iot applications, iot platforms, iot security, iran, iranian apt, iranian apt groups, iranian threat actors, it infrastructure, json, linux, local, malicious activity, malicious powershell activity, malicious software, malware, malware delivery, medical services, military operations, mobile carriers, mobile networks, modify registry, mqtt, mtb description, national security, network scanning, network shared, ntfs file, oil & gas, operating system, orpak, osint report, ot-ics-scada, otiot, packing, password attacks, patient care, payment processing, phishing, phishing attack, plc, plchmi, port, port8083 domain, power generation, power systems, powershell, primary mqtt, process injection, public administration, public infrastructure, public policy, push, python, ransomware, reconaissance, reconnaissance, regulatory agencies, related pulses, remote, renewable energy, researched, role title, run keys, scada, scripting attacks, service, shamoon, shell, smart devices, social engineering, software development, software exploitation, startup, stop, strings, strong, stuxnet, telecom, telecom services, telecommunications, temp, threat actor, threat group, threat group: cleaver, threat group: copykittens, threat group: handala, threat group: leafminer, threat group: oilrig, threat group: ransomhouse, threat level, tickler, time, tor node, transportation networks, type indicator, vulnerability scan, water, water systems, wealth management, white, wiper malware, zionsiphon
MITRE ATT&CK technique tags: T1003, T1020, T1021, T1021.001, T1027, T1027.002, T1033, T1037.004, T1039, T1043, T1045, T1046, T1055, T1059, T1059.001, T1059.003, T1059.004, T1060, T1069.001, T1070.004, T1071, T1071.001, T1078, T1078.001, T1082, T1086, T1096, T1105, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1112, T1133, T1140, T1189, T1190, T1203, T1204.002, T1485, T1486, T1490, T1491, T1498, T1498.001, T1498.002, T1547.001, T1552, T1552.002, T1561, T1561.002, T1565, T1566, T1566.001, T1566.002, T1566.003, T1569.002, T1587, T1587.001, T1588, T1590, T1590.001, T1595, T1595.001, T1595.002, T1595.003
Note that T1043, T1045, T1060, T1086 and T1096 are deprecated or revoked IDs from older ATT&CK versions (T1045 is now T1027.002, T1060 is T1547.001, T1086 is T1059.001, T1096 is T1564.004); map them to current IDs before using them in detection content.
Activity Timeline
Peak activity: 2026-06-03. Observations by window: last 24h 0 (dormant); last 7d 0 (dormant); last 30d 1 (minimal); last 3 months 1 (minimal).
Threat score: 99 (High Risk)
Source record (raw feed fields)
- description: "SHA256 of 366e435a1ea0f597deb6ebe7c0c5acdb6e8b33eb". The quoted value is 40 hex characters, which is SHA-1 length, not SHA-256, so it is most likely the same sample's SHA-1 mislabelled by the feed; treat it as unverified until checked against the file.
- references:
  - https://www.levelblue.com/blogs/spiderlabs-blog/levelblue-spiderlabs-breaks-down-the-role-of-cyber-operations-taken-in-the-iran-crisis
  - https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol
  - https://krypt3ia.wordpress.com/2026/04/30/threat-intelligence-report-irgc-affiliated-ot-iot-malware-evolution/
  - IOCs.2026.2.csv
  - IOCs.2026.1.csv
  - https://bazaar.abuse.ch/export/csv/recent/