SHA1HighVerifiedSignal 93/100

`3d3cdf7cfc881678febcafb26ae423fe5aa4efec`

Location

Iran, Islamic Republic of

First Seen

Mar 4, 2025

Last Seen

May 23, 2026

Mar 4

First Seen

465d ago

May 23

Last Seen

20d ago

Reports

source reports

93%

Confidence

high

Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.

SHA-1 Hash

SHA-1 file hash associated with malicious samples.

MISP Category

Artifacts Dropped

Hash Algorithm

SHA1

Confidence

93%

Signal Score

93 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

40 techniques

Feed Intelligence Summary

6 reports93% confidence

Source reports

93%

Confidence score

Category tags

accessaccountactive scanadded activeaerospace & defensealphvaptasiaattackbankingbitcoinaddressblackcatbotnet activitybrute forcecertcisacivil servicescobalt strikecommand and controlcommunication technologiescommunications networkscontactcorruptcredentialcredential stuffingcredit card servicescritical infrastructurecryptocurrencycsharp streamercybercyber actorsddosdefensedefense contractingdefense logisticsdefense systemsdefense technologydetect-debug-environmentdriveelectronic health recordsemergency servicesencoded urlenergyenergy distributionenergy systemsengineeringexploitationexploitation activityfile-hashfinancefinance and insurancefinancial servicesfinancial systemsfinancial technologygeneratedbotidgeopolitical conflictghostfetchgovernment facilitiesgovernment technologyhealth care and social assistancehealth information technologyhealthcare information systemshospital managementicedidicedid bringsicedid loaderidentity & access exploitationidleimpactindicatorinformation technologyinjection activityiocsiocs: bitcoinaddressiocs: domainiocs: filehashiocs: registryiot securityiraniranian aptiranian apt groupsiranian cyberiranian threat actorslaterallocallong-sleepslotlmalicious activitymalwaremalware deliverymedical servicesmilitary operationsmitre attmobile carriersmobile networksmodify registrymtb descriptionnational securitynetwork sharedntfs fileoil & gasoperating systempackingpatient carepayment processingpedllperuphishingportport8083 domainpower generationpower systemspowershellprocess injectionpublic administrationpublic infrastructurepublic policyransomwareregulatory agenciesrelated pulsesremoteremote servicesrenewable energyresearchedrole titlerun keysserviceshamoonshellsouth americastartupstrongt1020t1021t1021.001t1033t1039t1043t1045t1055t1059t1059.003t1060t1069.001t1071t1071.001t1078t1096t1105t1110t1110.003t1112t1133t1189t1190t1203t1485t1486t1490t1498t1498.001t1498.002t1547.001t1561t1561.002t1566t1566.001t1566.002t1587t1588t1590t1595telecom servicestelecommunicationstempthreat actorthreat group: cleaverthreat group: copykittensthreat group: handalathreat group: leafminerthreat group: oilrigthreat group: ransomhouseticklertimetoolstor nodetransportation networksttpstype indicatorusvulnerability scanwater systemswealth managementwhitewin32 malwarewindowswindows malwarewiper malwareyears ago

Activity Timeline

1 total obs

May 23May 23

Threat Activity Heatmap

· Peak: 2026-05-23

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

93%

Confidence

Reports

First seenMar 4, 2025

Last seenMay 23, 2026

Verified IOC

VirusTotal

Not checked

WHOIS

description: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
references: https://www.levelblue.com/blogs/spiderlabs-blog/levelblue-spiderlabs-breaks-down-the-role-of-cyber-operations-taken-in-the-iran-crisis, https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a, IOCs.2026.1.csv, IOCs.2026.2.csv, https://labs.inquest.net/iocdb

`3d3cdf7cfc881678febcafb26ae423fe5aa4efec`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy