IOC Radar
DomainMediumSignal 58/100

ministry.sharedfilescorps.com

Location
Iran, Islamic Republic ofIran, Islamic Republic of
First Seen
Apr 17, 2026
Last Seen
Apr 23, 2026
Apr 17
First Seen
59d ago
Apr 23
Last Seen
54d ago
3
Reports
source reports
58%
Confidence
medium
Found in 3 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

22 techniques

Feed Intelligence Summary

3 reports58% confidence
3
Source reports
58%
Confidence score
Category tags
acceptactivatoractive scanapis nothingasciiascii textasiabazaarborland delphicalls processcape sandboxclasscnamecofensecommand linecourierdarkgateddosdefense centerdelphidetail infodos borlanddos executabledrops pedump fileexecutable fileexploitation activityfigurefiles cfindformatfull pathgeneric windosguardguest systemharsh patelhttpsindicatorintelinteripv4iranjsonlittle endianmachine summarymalwaremetamiddle eastmitre attackms windowsmsdosmutexes nothingmwdbnetworknetwork capturenetwork infonextnext generationnothingoffsetoverview zenboxparent pidpcappe filepe32 compilerpe32 executablephishingphishmeportprocesses extraprogramqr coderansomwareread filesread registryregistry keysresearchedshellsigmasocketssdeepstylet1010t1018t1036t1047t1055t1055 processt1056t1057t1059t1070t1071t1082t1083t1095t1200t1203t1497t1518t1547t1562t1566t1573t1574textthreat actortickcounttitletor nodeunitedurlsverdictwindowwindows sandboxwireshark pcapx81e x81ex81i x81ix82xec x82xecx83xc4 x83xc4x8be x8bexc1 xxc4 xc4xcaxdb xcaxdbxf3x86 xf3x86xffu xffu

Activity Timeline

1 total obs
Apr 23Apr 23

Threat Activity Heatmap

· Peak: 2026-04-23
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
58
SIGNAL
Signal Score
58%
Confidence
3
Reports
First seenApr 17, 2026
Last seenApr 23, 2026

VirusTotal

Not checked

WHOIS

description
A recent phishing campaign has been identified that exploits the ongoing geopolitical tension involving Iran, leveraging fear to manipulate individuals into divulging sensitive information. The Cofense Phishing Defense Center detected an email masquerading as an emergency alert from government entities like the Ministry of Interior and Civil Defense. This phishing message, labeled as a SEVERE / ACTIVE public safety advisory, instigates panic by warning recipients of imminent threats related to missile attacks, and urges immediate action.
raw
Create date: 2026-03-29 00:00:00 Domain name: sharedfilescorps.com Domain registrar id: 609.0 Domain registrar url: http://sav.com Expiry date: 2027-03-29 00:00:00 Name server 1: yadiel.ns.cloudflare.com Name server 2: beth.ns.cloudflare.com Query time: 2026-03-30 13:12:23 Update date: 2026-03-29 00:00:00

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 month ago · Last seen 1 month ago
Appeared in 3 threat reports