Pulse Detail — Threat Intelligence

PULSE NAME

Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations

WHITE AlienVault 2022-08-05 Modified: 2022-08-05

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

Researchers identified the ROADSWEEP ransomware family and a Telegram persona which targeted the Albanian government in a politically motivated disruptive operation ahead of an Iranian opposition organization’s conference in late July 2022.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1059 T1553 T1560 T1574 T1547 T1053 T1127 T1561 T1140 T1490 T1106 T1566 T1573 T1056 T1007 T1012 T1027 T1033 T1055 T1057 T1070 T1082 T1083 T1087 T1112 T1113 T1134 T1489 T1497 T1518 T1543 T1569

MALWARE FAMILIES

ROADSWEEP CHIMNEYSWEEP

Indicators of Compromise (5 / 51 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL YARA domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	29e9fd62b86cb3ba6a5e0bd0189ef2567538f8a8d925effdeac6487a72556b54	SHA256 of 49d72f9212d5653f5be9f764d8c9df24	2022-08-05
FileHash-SHA256	3d0d93f651ee7b407024e5ad51b4e79408b72fb77bfd71cddeac8be3642439d7	SHA256 of 77a369e5e49e7e62d8eef2c00cd02950 SHA256 of 77a369e5e49e7e62d8eef2c00cd02950	2022-08-05
FileHash-SHA256	88b013c5fbd2751fbd9f2184a8892c71ffca69843e7de53e826c6bd658ae8d72	SHA256 of 92c61e3047297136701c25deb658b35a	2022-08-05
FileHash-SHA256	e1204ebbd8f15dbf5f2e41dddc5337e3182fc4daf75b05acc948b8b965480ca0	SHA256 of 7b71764236f244ae971742ee1bc6b098	2022-08-05
FileHash-SHA256	f116acc6508843f59e59fb5a8d643370dce82f492a217764521f46a856cc4cb5	SHA256 of bbe983dba3bf319621b447618548b740	2022-08-05

References (1)

↗ https://www.mandiant.com/resources/likely-iranian-threat-actor-conducts-politically-motivated-disruptive-activity-against