MB-69060d0657a35a5290e59c93e815075ada72fba5e9ada1a42cafbd9b6cb29a4f high

Description

File type: elf. Size: 129700 bytes. Tags: elf. Reporter: abuse_ch. First seen: 2026-06-13 15:09:50.

• Iranian-Affiliated Cyber Actors Target Programmable Logic Controllers ...
  web:logisticsviewpoints.com

  Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley.

  2026-06-14 09:01 UTC
• PDF Iranian Cyber Actors Brute Force and Credential Access Activity ...
  web:media.defense.gov

  Since October 2023, Iranian actors have used brute force, such as password spraying, and multi-factor authentication (MFA) 'push bombing' to compromise user accounts and obtain access to organizations. The actors frequently modified MFA registrations, enabling persistent access. The actors performed discovery on the compromised networks to obtain additional credentials and identify other ...

  2026-06-14 09:01 UTC
• Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks
  web:radar.offseq.com

  Detailed information about Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks. Get real-time updates, technical details, and mitigation stra

  2026-06-14 09:01 UTC
• Iran Exploiting Programmable Logic Controllers Across US Critical ...
  web:redskyalliance.org

  Release Date: 7 April 2026 CISA Alert Code: AA26-097A Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication 7 April 2026 Executive Summary Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable ...

  2026-06-14 09:01 UTC
• Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)
  web:unit42.paloaltonetworks.com

  For details on Unit 42's previous observations of cyber activity linked to Iran-backed groups and hacktivists, see the Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 30).

  2026-06-14 09:01 UTC
• URLhaus | http://31.59.104.25/iran.powerpc
  web:urlhaus.abuse.ch

  Payload delivery The table below documents all payloads that URLhaus retrieved from this particular URL.

  2026-06-14 09:01 UTC
• Iranian-Affiliated Cyber Actors Exploit Programmable Logic ... - CISA
  web:www.cisa.gov

  Background Information Similar Historical Activity Targeting Programmable Logic Controllers During a similar campaign beginning in November 2023, the IRGC CEC-affiliated cyber threat actors known as "CyberAv3ngers" targeted U.S.-based PLCs and HMIs, causing disruptive effects. Private industry and open sources also refer to this group as Hydro Kitten, Storm-0784, APT Iran, Bauxite, Mr. Soul ...

  2026-06-14 09:01 UTC
• How to Defend Against Iran's Cyber Retaliation Playbook
  web:www.cisecurity.org

  Security leaders must give equal weight to the cyber dimension following U.S.-Israeli kinetic activity against Iran. Here's our recommendations.

  2026-06-14 09:01 UTC
• PDF Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers ...
  web:www.ic3.gov

  Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Publication: April 7, 2026

  2026-06-14 09:01 UTC
• Automated Malware Analysis Report for iran.powerpc.elf - Generated by ...
  web:www.joesandbox.com

  Executes the "rm" command used to delete files or directories

  2026-06-14 09:01 UTC

Indicators of Compromise (3)

Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal. Click one to expand.

References (1)

• MalwareBazaar sample page Abuse.ch

  File type: elf. Size: 129700 bytes. Tags: elf. Reporter: abuse_ch. First seen: 2026-06-13 15:09:50.

Only Available for Registered Users. Sign in to view.