← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Investigating Iranian Intrusion into Strategic Middle East Critical Infrastructure
WHITE Lemon Sandstorm Tr1sa111 2025-05-12 Modified: 2025-06-05
25
IOCs
MEDIUM VOLUME
aptcredinterceptorcustom malwaresystembccredential harvestingcve-2023-38950remoteinjectorhxlibraryhavoccve-2023-38951critical infrastructurehanifnetcve-2023-38952proxy chaininglateral movementweb shellsneoexpressrat
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (25)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 07c088076837446ada5642bd32500627 2025-05-12
FileHash-MD5 0deb2283bbf8aa6c644f6b0a6d3301c3 2025-05-12
FileHash-MD5 1abe72aa26aa9dafe5e95dcbdb5b02c2 2025-05-12
FileHash-MD5 27ae97933a4dd955a7e928be0efa3619 2025-05-12
FileHash-MD5 9cd02fc79207fdc2fc783889049f32bc 2025-05-12
FileHash-MD5 a841c8179ac48bdc2ebf1e646d4f552d 2025-05-12
FileHash-SHA1 5cbde184bd95db80df89bbae7f6af6cc318b5a1a 2025-05-12
FileHash-SHA1 8b22352c9c7c13cc9e0f0d42e74d8def0bbf8d6b 2025-05-12
FileHash-SHA1 f38b0498102d2e2fc5472593ece32cd700d82334 2025-05-12
FileHash-SHA256 84a1ef61993e15722bd6f2eb3f40ced6164332336be70817dd751abeccf30498 2025-05-12
domain amazonaws.work 2025-05-12
domain appstgs.com 2025-05-12
domain encoremir.com 2025-05-12
domain githubapp.net 2025-05-12
domain gupdate.net 2025-05-12
domain hewlettpackardupdates.info 2025-05-12
domain savooks.com 2025-05-12
domain supportskype.com 2025-05-12
hostname apps.gist.githubapp.net 2025-05-12
hostname cdn.gupdate.net 2025-05-12
hostname cdn.update.net 2025-05-12
hostname cluster.amazonaws.work 2025-05-12
hostname connect.mozilla.one 2025-05-12
hostname s3.amazonaws.work 2025-05-12
hostname s3.solarcom.ch 2025-05-12
References (1)
↗ https://www.fortinet.com/content/dam/fortinet/assets/reports/report-incident-response-middle-east.pdf