Pulse name: Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
WHITE AlienVault 2022-08-05 Modified: 2022-08-05
Researchers identified the ROADSWEEP ransomware family and a Telegram persona which targeted the Albanian government in a politically motivated disruptive operation ahead of an Iranian opposition organization’s conference in late July 2022.
Indicators of Compromise (5 / 51 total)