MB-f04a8fc48dbecbb3adbc53296989342d855304f4b2198e884835c0091f457493 high

📛 Threat Title

Unknown: iran.mipsel

Category: Unknown Published: Source updated: First seen: Last updated: Source: Abuse.ch

Description

File type: elf. Size: 170148 bytes. Tags: elf. Reporter: abuse_ch. First seen: 2026-06-13 15:09:43.

Remediations (10)

  • web:asec.ahnlab.com

    January 06, 2026 ASEC Stay ahead of emerging threats with more actionable insights from AhnLab TIP, our next-generation threat intelligence platform.

  • web:en.wikipedia.org

    Stuxnet is a malicious computer worm first uncovered on 17 June 2010 [2] and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the Iran nuclear program after it was first installed on a computer at the Natanz Nuclear Facility in 2009. [3][4 ...

  • web:media.defense.gov

    Since October 2023, Iranian actors have used brute force, such as password spraying, and multi-factor authentication (MFA) 'push bombing' to compromise user accounts and obtain access to organizations. The actors frequently modified MFA registrations, enabling persistent access. The actors performed discovery on the compromised networks to obtain additional credentials and identify other ...

  • web:thrivenextgen.com

    2.1 The Iran Conflict: Strategic Cyber Implications The current military conflict involving Iran has fundamentally altered the cyber threat landscape across the Middle East and globally. Historically, Iranian military pressure has been directly coupled with escalated cyber operations — Iran's APT ecosystem functions as an instrument of state power, enabling asymmetric retaliation ...

  • web:urlhaus.abuse.ch

    Payload delivery The table below documents all payloads that URLhaus retrieved from this particular URL.

  • web:www.cisa.gov

    It highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation.

  • web:www.cisecurity.org

    Security leaders must give equal weight to the cyber dimension following U.S.-Israeli kinetic activity against Iran. Here's our recommendations.

  • web:www.enterprisesecuritytech.com

    Following Israel's Operation Rising Lion in June 2025, where it conducted preemptive airstrikes on Iranian nuclear infrastructure, Iran retaliated not just with missiles but with bytes. The cyber blowback unfolded as an unrelenting torrent of phishing campaigns, DDoS attacks, disinformation barrages, and financial infrastructure disruptions, marking an unprecedented escalation of cyber ...

  • web:www.joesandbox.com

    ELF contains segments with high entropy indicating compressed/encrypted content

  • web:www.joesandbox.com

    Signatures Antivirus / Scanner detection for submitted sample Multi AV Scanner detection for submitted file Sample deletes itself Detected TCP or UDP traffic on non-standard ports Enumerates processes within the "proc" file system Executes the "rm" command used to delete files or directories Sample has stripped symbol table Uses the "uname" system call to query kernel version information ...

Indicators of Compromise (3)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.

hash_sha256 f04a8fc48dbecbb3adbc53296989342d855304f4b2198e884835c0091f457493

IOC database

Type: hash_sha256
Value: f04a8fc48dbecbb3adbc53296989342d855304f4b2198e884835c0091f457493
First seen:
Last seen:
Attached to this threat
Appears in: 1 threat
Description: Unknown

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

hash_sha1 872d11e10257b731fe4917bba0c5b34ac7262a28

IOC database

Type: hash_sha1
Value: 872d11e10257b731fe4917bba0c5b34ac7262a28
First seen:
Last seen:
Attached to this threat
Appears in: 1 threat

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

hash_md5 9dfff43f6c6f5904d24a4566cc43463b

IOC database

Type: hash_md5
Value: 9dfff43f6c6f5904d24a4566cc43463b
First seen:
Last seen:
Attached to this threat
Appears in: 1 threat

Threat Hunt — feed corroboration

Not present in any configured threat-intel feed.

Details From VirusTotal

No VirusTotal details cached for this IOC.

References (1)

  • MalwareBazaar sample page Abuse.ch

    File type: elf. Size: 170148 bytes. Tags: elf. Reporter: abuse_ch. First seen: 2026-06-13 15:09:43.
