{ "type": "URL", "indicator": "https://164.132.237.65:22", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://164.132.237.65:22", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4091499303, "indicator": "https://164.132.237.65:22", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "6874bb3d32d8c700c4032cb0", "name": "Threat Actor Activity Related to the Iran Conflict", "description": "Recent observations from Nozomi Networks Labs highlight a significant escalation in cyberattacks attributed to Iranian threat actor groups, particularly targeting U.S. organizations in the transportation and manufacturing sectors. A 133% increase in activity was noted between May and June, with a total of 28 attacks reported during this period, compared to 12 in the preceding two months. The primary actors involved include MuddyWater, APT33, OilRig, CyberAv3ngers, Fox Kitten, and Homeland Justice. MuddyWater, the most active of these groups, focuses on government and critical sectors, having successfully targeted at least five U.S. companies. APT33 has also shown notable activity, conducting attacks against three U.S. companies primarily engaged in aerospace and petrochemicals. Other groups, such as OilRig, CyberAv3ngers, Fox Kitten, and Homeland Justice, have each executed attacks against two U.S. firms, again emphasizing the concentration on transportation and manufacturing.", "modified": "2025-08-13T08:00:49.493000", "created": "2025-07-14T08:09:33.706000", "tags": [ "nozomi networks", "nozomi threat", "intelligence", "labs", "apt33", "iran", "june", "muddywater", "oilrig", "cyberav3ngers", "april" ], "references": [ "https://www.nozominetworks.com/blog/threat-actor-activity-related-to-the-iran-conflict" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1587", "name": "Develop Capabilities", "display_name": "T1587 - Develop Capabilities" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1591", "name": "Gather Victim Org Information", "display_name": "T1591 - Gather Victim Org Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 6, "domain": 13, "hostname": 18, "URL": 40 }, "indicator_count": 77, "is_author": false, "is_subscribing": null, "subscriber_count": 546, "modified_text": "294 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.nozominetworks.com/blog/threat-actor-activity-related-to-the-iran-conflict" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 91 } } }, "false_positive": [], "alexa": "", "whois": "http://whois.domaintools.com/164.132.237.65", "domain": "Unavailable", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "6874bb3d32d8c700c4032cb0", "name": "Threat Actor Activity Related to the Iran Conflict", "description": "Recent observations from Nozomi Networks Labs highlight a significant escalation in cyberattacks attributed to Iranian threat actor groups, particularly targeting U.S. organizations in the transportation and manufacturing sectors. A 133% increase in activity was noted between May and June, with a total of 28 attacks reported during this period, compared to 12 in the preceding two months. The primary actors involved include MuddyWater, APT33, OilRig, CyberAv3ngers, Fox Kitten, and Homeland Justice. MuddyWater, the most active of these groups, focuses on government and critical sectors, having successfully targeted at least five U.S. companies. APT33 has also shown notable activity, conducting attacks against three U.S. companies primarily engaged in aerospace and petrochemicals. Other groups, such as OilRig, CyberAv3ngers, Fox Kitten, and Homeland Justice, have each executed attacks against two U.S. firms, again emphasizing the concentration on transportation and manufacturing.", "modified": "2025-08-13T08:00:49.493000", "created": "2025-07-14T08:09:33.706000", "tags": [ "nozomi networks", "nozomi threat", "intelligence", "labs", "apt33", "iran", "june", "muddywater", "oilrig", "cyberav3ngers", "april" ], "references": [ "https://www.nozominetworks.com/blog/threat-actor-activity-related-to-the-iran-conflict" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1587", "name": "Develop Capabilities", "display_name": "T1587 - Develop Capabilities" }, { "id": "T1588", "name": "Obtain Capabilities", "display_name": "T1588 - Obtain Capabilities" }, { "id": "T1589", "name": "Gather Victim Identity Information", "display_name": "T1589 - Gather Victim Identity Information" }, { "id": "T1591", "name": "Gather Victim Org Information", "display_name": "T1591 - Gather Victim Org Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 6, "domain": 13, "hostname": 18, "URL": 40 }, "indicator_count": 77, "is_author": false, "is_subscribing": null, "subscriber_count": 546, "modified_text": "294 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://164.132.237.65:22", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://164.132.237.65:22", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780506979.2213633 }