PULSE NAME
Iran conflict drives heightened espionage activity against Middle East targets
WHITE AlienVault 2026-03-11 Modified: 2026-03-16
36 IOCs
MEDIUM VOLUME
The ongoing conflict involving Iran has led to increased cyber espionage activity targeting Middle Eastern governments. Multiple state-sponsored threat actors, including those associated with China, Belarus, Pakistan, and Hamas, have been observed conducting campaigns that use the conflict as a lure. These actors employ tactics such as credential phishing, malware delivery, and compromised accounts to target government and diplomatic organizations. The campaigns often use war-themed content to engage targets and gather intelligence on the conflict's trajectory and geopolitical implications. Iranian threat actors continue their traditional espionage efforts alongside disruptive campaigns in support of war efforts. This heightened activity reflects both opportunistic use of topical lures and shifts in intelligence collection priorities for various state-aligned groups.
Indicators of Compromise (36)