← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Crossed wires: a case study of Iranian espionage and attribution
WHITE UNK_SmudgedSerpent AlienVault 2025-11-05 Modified: 2025-11-05
58
IOCs
HIGH VOLUME
This analysis examines a newly identified threat actor dubbed UNK_SmudgedSerpent that targeted academics and foreign policy experts between June and August 2025. The actor used domestic political lures related to Iran, benign conversation starters, health-themed infrastructure, and Remote Management & Monitoring tools. The investigation revealed overlapping tactics with several Iranian threat groups, including TA455, TA453, and TA450. While attribution remains uncertain, the targeting and techniques align with Iranian intelligence priorities. The analysis explores possible explanations for the convergence of tactics, such as shared resources, personnel mobility, or collaboration between Iranian agencies.
credential harvestingisl onlineminibikermm toolsphishingoverlapping ttpspolicy experts targetingminijunkespionagepdqconnectattribution challengesiranian threat actor
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (58)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 f63ceb9f6b3a28b6858976e5549d3247 2025-11-05
FileHash-SHA1 a5c2c51b82a65b892d41bd75883cf0adc4fc47a4 2025-11-05
FileHash-SHA256 0bdb64fc1d5533f7b3fffaf821e89f286ad2d7400a914f21abdcbb7bb8a39e63 2025-11-05
FileHash-SHA256 0fcdaa2f4db94e0589617830d3d80430627815ef0e4b0c7b7ff5c1ebb82a4136 2025-11-05
FileHash-SHA256 129a40e38ef075c7d33d8517b268eb023093c765a32e406b58f39fab6cc6a040 2025-11-05
FileHash-SHA256 1e9c31ce0eba2100d416f5bc3b97dafe2da0d3d9aee96de59ec774365fe3fe89 2025-11-05
FileHash-SHA256 6eb7df21d6f1e3546c252a112504eefbb19205167db89038f2861118bbc8871c 2025-11-05
FileHash-SHA256 7b5fb8202bff90398ab007579713f66430778249e43b46f35df6c3ded628f129 2025-11-05
FileHash-SHA256 cac018dccdf6ce4bef19ab71e3e737724aed104bc824332a5213c878b065ff50 2025-11-05
domain accountroyal.com 2025-11-05
domain airbusaerodefence.com 2025-11-05
domain airbusaerodefence.nl 2025-11-05
domain airbusgroup-careers.com 2025-11-05
domain airbushiring.com 2025-11-05
domain alwayslivehealthy.com 2025-11-05
domain anteromarketing.com 2025-11-05
domain asiandefenses.com 2025-11-05
domain bodywellnessbycynthia.com 2025-11-05
domain boeingspace.com 2025-11-05
domain careers-hub.org 2025-11-05
domain careers-portal.org 2025-11-05
domain careers2find.com 2025-11-05
domain careersworld.org 2025-11-05
domain chakracleansetherapy.com 2025-11-05
domain clearmindhealthandwellness.com 2025-11-05
domain droneflywell.com 2025-11-05
domain dronetechasia.org 2025-11-05
domain easymarketing101.com 2025-11-05
domain ebixcareers.com 2025-11-05
domain ehealthpsuluth.com 2025-11-05
domain emiratescareers.org 2025-11-05
domain emiratesgroup-careers.com 2025-11-05
domain flydubai-careers.com 2025-11-05
domain germanywork.org 2025-11-05
domain gocareers.org 2025-11-05
domain healthcrescent.com 2025-11-05
domain healthiestmama.com 2025-11-05
domain healthinfusiontherapy.com 2025-11-05
domain jadehealthcenter.com 2025-11-05
domain joinboeing.com 2025-11-05
domain kibanacore.com 2025-11-05
domain marketinglw.com 2025-11-05
domain mosaichealthsolutions.com 2025-11-05
domain msnapp.help 2025-11-05
domain msnapp.live 2025-11-05
domain msnclouds.com 2025-11-05
domain opportunities2get.com 2025-11-05
domain palaerospace.careers 2025-11-05
domain rhealthylivingsolutions.com 2025-11-05
domain rheinmetallcareer.org 2025-11-05
domain rheinmetallcareers.com 2025-11-05
domain thebesthomehealth.com 2025-11-05
domain thecareershub.org 2025-11-05
domain uavnodes.com 2025-11-05
domain usa-careers.com 2025-11-05
domain worldcareers.org 2025-11-05
domain zytonhealth.com 2025-11-05
hostname interview.ebixcareers.com 2025-11-05
References (1)
↗ https://www.proofpoint.com/us/blog/threat-insight/crossed-wires-case-study-iranian-espionage-and-attribution