← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
WHITE celestre 2026-05-25 Modified: 2026-05-25
22
IOCs
MEDIUM VOLUME
Unit 42 researchers have observed evidence of cyberattacks by the Iran-nexus advanced persistent threat (APT) group Screening Serpens (aka UNC1549, Smoke Sandstorm and Iranian Dream Job). Based on our visibility, we believe that the group targeted entities in the U.S., Israel and the United Arab Emirates, and likely two additional Middle Eastern entities.
miniupdateurlsredactedsha256 hashesus campaignisrael campaignuae campaignminijunk v2
Indicators of Compromise (4 / 22 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 0997b6c2fdc3af2de118db559c92ef510c60a994 SHA1 of b19e06da580cf91691eda066ac9ee4b09c6e5dc26c367af12660fe1f9306eec4 2026-05-25
FileHash-SHA1 67f41dc48bfd0c0597295259bd3c0d3c09dfea34 SHA1 of 332ba2f0297dfb1599adecc3e9067893e7cf243aa23aedce4906a4c480574c17 2026-05-25
FileHash-SHA1 be3b4a74f3872008c4cde0cbe8624e2c15618eaf SHA1 of 9cf029daca89523d917dafed0568d11d00e45ec96b5b90b4a1f7fd4018c7da84 2026-05-25
FileHash-SHA1 da11679653ef33952c3dc8d8850e43d7b8ac884a SHA1 of 0db36a04d304ad96f9e6f97b531934594cd95a5cea9ff2c9af249201089dc864 2026-05-25
References (1)
↗ https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/