← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
WHITE celestre 2026-05-25 Modified: 2026-05-25
22
IOCs
MEDIUM VOLUME
Unit 42 researchers have observed evidence of cyberattacks by the Iran-nexus advanced persistent threat (APT) group Screening Serpens (aka UNC1549, Smoke Sandstorm and Iranian Dream Job). Based on our visibility, we believe that the group targeted entities in the U.S., Israel and the United Arab Emirates, and likely two additional Middle Eastern entities.
miniupdateurlsredactedsha256 hashesus campaignisrael campaignuae campaignminijunk v2
Indicators of Compromise (5 / 22 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 3106848925a39b9d51f9ad9f5963e417 MD5 of 9cf029daca89523d917dafed0568d11d00e45ec96b5b90b4a1f7fd4018c7da84 2026-05-25
FileHash-MD5 628d831989787ee1b4ffee611cb2014b MD5 of 332ba2f0297dfb1599adecc3e9067893e7cf243aa23aedce4906a4c480574c17 2026-05-25
FileHash-MD5 810f8e3b88eb05f710c09552941d6f56 MD5 of 0db36a04d304ad96f9e6f97b531934594cd95a5cea9ff2c9af249201089dc864 2026-05-25
FileHash-MD5 cdbe76cdfdec8f7c09781b2ef0fdb7f4 MD5 of b19e06da580cf91691eda066ac9ee4b09c6e5dc26c367af12660fe1f9306eec4 2026-05-25
FileHash-MD5 edcdba624ddb43c2a1dcf334aa493068 2026-05-25
References (1)
↗ https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/