{
  "name": "Boggy Serpens Threat Assessment",
  "slug": "boggy-serpens-threat-assessment",
  "description": "The Iranian threat group Boggy Serpens, linked to the Ministry of Intelligence and Security, has refined its cyberespionage tactics to focus on trusted relationship compromises and multi-wave targeting of strategic organizations. The group combines social engineering with AI-enhanced malware for long-term persistence, primarily targeting diplomatic and critical infrastructure sectors. Recent campaigns show increased technological capabilities, including AI-generated code and Rust-based tools. Boggy Serpens exploits hijacked accounts to bypass security measures and employs a secondary social engineering prompt to deliver malware. The group's determination is exemplified by a sustained four-wave campaign against a UAE marine and energy company, demonstrating its focus on infiltrating regional maritime infrastructure.",
  "published": "2026-03-17T08:13:38+00:00",
  "created_at": "2026-03-17T08:13:38+00:00",
  "modified_at": "2026-03-17T09:46:54+00:00",
  "created_at_opencti": "2026-03-17T08:13:38+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-03-17",
    "ai-enhanced malware",
    "blackbeard",
    "critical-infrastructure",
    "cyberespionage",
    "energy",
    "ghostbackdoor",
    "iranian",
    "lamporat",
    "maritime",
    "nuso",
    "phoenix",
    "social engineering",
    "trusted relationship compromise",
    "udpgangster"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "159.198.66.153"
      },
      {
        "id": "",
        "name": "157.20.182.75"
      },
      {
        "id": "",
        "name": "159.198.68.25"
      },
      {
        "id": "",
        "name": "64.7.198.12"
      },
      {
        "id": "",
        "name": "668dd5b6fb06fe30a98dd59dd802258b45394ccd7cd610f0aaab43d801bf1a1e"
      },
      {
        "id": "",
        "name": "f38a56b8dc0e8a581999621eef65ef497f0ac0d35e953bd94335926f00e9464f"
      },
      {
        "id": "",
        "name": "6f079c1e2655ed391fb8f0b6bfafa126acf905732b5554f38a9d32d0b9ca407d"
      },
      {
        "id": "",
        "name": "84e665a0dfbff74b4c356bfa282c7c253ae3411a8f4d58bfe121c8411c52552c"
      },
      {
        "id": "",
        "name": "1c16b271c0c4e277eb3d1a7795d4746ce80152f04827a4f3c5798aaf4d51f6a1"
      },
      {
        "id": "",
        "name": "156b325231742a73ded4104fbde1c55ad3913d2eaf09b5194ef74c81ee3ba393"
      },
      {
        "id": "",
        "name": "1b9e6fe4b03285b2e768c57e320d84323ac9167598395918d56a12e568b0009a"
      },
      {
        "id": "",
        "name": "0be499354dc498248d27f6d186eb3bb75a607ae4a2c0a6734c76f1a1b7b1d316"
      },
      {
        "id": "",
        "name": "4d2958d93d4650fc4a70f70663fe6943e8c11d61b2824512da296e8fd84e5bb9"
      },
      {
        "id": "",
        "name": "7523e53c979692f9eecff6ec760ac3df5b47f172114286e570b6bba3b2133f58"
      },
      {
        "id": "",
        "name": "2c92c7bf2d6574f9240032ec6adee738edddc2ba8d3207eb102eddf4ab963db0"
      },
      {
        "id": "",
        "name": "69e038b9f3a228f09059bc1ce92b1c5c49396bb70987a38df0fdb39eed380b22"
      },
      {
        "id": "",
        "name": "8d2227f2c53d7e22a57e12c45cecdd43dbec08dbc3ab93e74e6df52cdf80548b"
      },
      {
        "id": "",
        "name": "9c207c51c448f96eaae91241a39c8bb85e2307f2d2a99244763a53176cf4c02f"
      },
      {
        "id": "",
        "name": "47bb271c34210f52e3e08339a0c83688d9e9aa5c7cfc45b3e4bdffd1753f6cb2"
      },
      {
        "id": "",
        "name": "c3afd5ce1ca50a38438bb5026cca27bfbf2d8e786e03f323adceb8ad17517eca"
      },
      {
        "id": "",
        "name": "23f3a98befdff13c802eed32eea754018b8b525ec0dd3afce8459a0287df74ec"
      },
      {
        "id": "",
        "name": "7ea4b307e84c8b32c0220eca13155a4cf66617241f96b8af26ce2db8115e3d53"
      },
      {
        "id": "",
        "name": "4db3645f678fb519b9f529dde41f77944754f574f16a9a845c22d3703da5bed0"
      },
      {
        "id": "",
        "name": "167d5ab70f55c100e51833fbfea44048095889c162e1330df0631423fc547409"
      },
      {
        "id": "",
        "name": "81a6e6416eb7ab6ce6367c6102c031e2ae2730c3c50ab9ce0b8668fec3487848"
      },
      {
        "id": "",
        "name": "5323a573e3f423b69ef965dadb3c059879d718b1c9052038ef749868cf361891"
      },
      {
        "id": "",
        "name": "1bcd8d7dc7bed5873bbdd2822e84e19773a33d659b16587ca9dc6db204447a86"
      },
      {
        "id": "",
        "name": "cc2ec568f978f328b6de112670a1b35ca1f9db377ff32cb9d313a5b2ac3c127b"
      },
      {
        "id": "",
        "name": "0ce54a5a6f061b158e3891aadd03773d0bae220b0316e84fc042a741924b3525"
      },
      {
        "id": "",
        "name": "fc4a7eed5cb18c52265622ac39a5cef31eec101c898b4016874458d2722ec430"
      },
      {
        "id": "",
        "name": "5ec5a2adaa82a983fcc42ed9f720f4e894652bd7bd1f366826a16ac98bb91839"
      },
      {
        "id": "",
        "name": "52d8fb9a11920f27b9a3b43f27c275767a57cdffc95af94b7b66433506287314"
      },
      {
        "id": "",
        "name": "a2001892410e9f34ff0d02c8bc9e7c53b0bd10da58461e1e9eab26bdbf410c79"
      },
      {
        "id": "",
        "name": "c91413ad7c94c0e2694862b9d671d1204873bf65576ba2cb91fbd562a4ccf79b"
      },
      {
        "id": "",
        "name": "b2c52fde1301a3624a9ceb995f2de4112d57fcbc6a4695799aec15af4fa0a122"
      }
    ],
    "malware": [
      {
        "id": "a7f69600-b15e-4fc3-a922-c81bbe02b61c",
        "name": "LampoRAT",
        "slug": "lamporat"
      },
      {
        "id": "legacy:malware:41880ee3438c8787",
        "name": "Phoenix",
        "slug": "phoenix"
      },
      {
        "id": "legacy:malware:9728491aa7de3e61",
        "name": "UDPGangster",
        "slug": "udpgangster"
      },
      {
        "id": "legacy:malware:e87eacd237e85627",
        "name": "BlackBeard",
        "slug": "blackbeard"
      },
      {
        "id": "legacy:malware:0a2dee6396a4c2c2",
        "name": "Nuso",
        "slug": "nuso"
      },
      {
        "id": "legacy:malware:6d920e9aac426551",
        "name": "GhostBackDoor",
        "slug": "ghostbackdoor"
      }
    ],
    "intrusion_sets": [
      {
        "id": "7e7ec113-7772-4a1a-ba7f-b49869ead86c",
        "name": "Boggy Serpens",
        "slug": "boggy-serpens"
      }
    ],
    "attack_patterns": [
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f",
        "name": "T1071.001"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "09124a92-c11f-4571-b35b-ab0bce6dd081",
        "name": "T1112"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "88fa397b-4cc9-42c0-b52d-4108f9630529",
        "name": "T1095"
      },
      {
        "id": "e8422fc8-8365-4a6a-a556-d6ec16cb4e5d",
        "name": "T1574.002"
      },
      {
        "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd",
        "name": "T1059.005"
      },
      {
        "id": "5999052b-e9ae-49e8-9235-d9bf975c22af",
        "name": "T1547.001"
      },
      {
        "id": "6f00068c-812c-4e2b-9100-2cfa86b3aed9",
        "name": "T1132.001"
      },
      {
        "id": "14660ccf-ca6b-42f6-8bca-e1b7a04650b3",
        "name": "T1573.001"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "e1b18ecf-d74e-4fe6-9bd4-ca6a62e7d818",
        "name": "T1027.002"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2026-1731"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Hungary"
      },
      {
        "id": "",
        "name": "Egypt"
      },
      {
        "id": "",
        "name": "Israel"
      },
      {
        "id": "",
        "name": "Saudi Arabia"
      },
      {
        "id": "",
        "name": "Turkmenistan"
      },
      {
        "id": "",
        "name": "Energy"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Telecommunications"
      },
      {
        "id": "",
        "name": "Defense"
      },
      {
        "id": "",
        "name": "Government"
      },
      {
        "id": "",
        "name": "maxisteq.org"
      },
      {
        "id": "",
        "name": "codefusiontech.org"
      },
      {
        "id": "",
        "name": "reminders.trahum.org"
      },
      {
        "id": "",
        "name": "screenai.online"
      },
      {
        "id": "",
        "name": "promoverse.org"
      },
      {
        "id": "",
        "name": "bootcamptg.org"
      },
      {
        "id": "",
        "name": "miniquest.org"
      },
      {
        "id": "",
        "name": "stratioai.org"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/69b91b4202446dd5143da7c3",
    "https://unit42.paloaltonetworks.com/boggy-serpens-threat-assessment/",
    "https://unit42.paloaltonetworks.com/wp-content/uploads/2026/03/Boggy-Serpens.png"
  ]
}