IOC - Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
In early 2026, a sophisticated intrusion initially appearing to be a standard Chaos ransomware attack was assessed to be consistent with a targeted state-sponsored operation. While the threat actor operated under the banner of the Chaos ransomware-as-a-service (RaaS) group, forensic analysis revealed the incident was a "false flag" masquerade. Technical artifacts, including a specific code-signing certificate and Command-and-Control (C2) infrastructure, suggest with moderate confidence that this activity is linked to MuddyWater (Seedworm), an Iranian Advanced Persistent Threat (APT) affiliated with the Ministry of Intelligence and Security (MOIS).
Indicators of Compromise (19)