Threat Actor Activity Related to the Iran Conflict
WHITE PetrP.73 2025-07-14 Modified: 2025-08-13
Recent observations from Nozomi Networks Labs highlight a significant escalation in cyberattacks attributed to Iranian threat actor groups, particularly targeting U.S. organizations in the transportation and manufacturing sectors. A 133% increase in activity was noted between May and June, with a total of 28 attacks reported during this period, compared to 12 in the preceding two months. The primary actors involved include MuddyWater, APT33, OilRig, CyberAv3ngers, Fox Kitten, and Homeland Justice. MuddyWater, the most active of these groups, focuses on government and critical sectors, having successfully targeted at least five U.S. companies. APT33 has also shown notable activity, conducting attacks against three U.S. companies primarily engaged in aerospace and petrochemicals. Other groups, such as OilRig, CyberAv3ngers, Fox Kitten, and Homeland Justice, have each executed attacks against two U.S. firms, again emphasizing the concentration on transportation and manufacturing.
Indicators of Compromise (77)