{
  "name": "Seqrite: Advisory: Middle East Conflict & Cyber Escalation",
  "slug": "seqrite-advisory-middle-east-conflict-cyber-escalation",
  "description": "Iran\u2019s cyber ecosystem operates through a layered structure that combines state-directed APT groups (IRGC-linked and MOIS-linked); semi-official contractors and front entities; hacktivist personas and collectives operated by intelligence services; and ideologically aligned foreign collectives operating in parallel. The Stryker Corporation attack on March 11, 2026 marked a significant escalation: a destructive wiper operation against the US, executed without malware by abusing legitimate MDM infrastructure, representing a qualitative shift in Iranian operational capability and willingness to target Western corporate infrastructure.",
  "published": "2026-04-06T15:04:37.387000+00:00",
  "created_at": "2026-04-06T21:18:49.502000+00:00",
  "modified_at": "2026-04-06T19:18:49+00:00",
  "created_at_opencti": "2026-04-06T21:18:49.502000+00:00",
  "author": "AlienVault",
  "confidence": 100,
  "report_types": [
    "threat-report"
  ],
  "labels": [
    "apt",
    "government",
    "iran",
    "muddywater",
    "seedworm",
    "stryker"
  ],
  "tags": [
    "2026-04-06",
    "apt",
    "government",
    "iran",
    "muddywater",
    "seedworm",
    "stryker"
  ],
  "related_entities": {
    "vulnerabilities": [
      {
        "id": "3c423003-bbb0-449d-8849-989668c115e4",
        "name": "CVE-2023-6895"
      },
      {
        "id": "8bbe5478-0d1b-4bfe-a5fc-85b5d0921ad6",
        "name": "CVE-2017-7921"
      }
    ],
    "indicators": [
      {
        "id": "0e00b9e6-1c2d-4a8a-aedc-c995323aa724",
        "name": "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io"
      },
      {
        "id": "7eb2b80a-673b-4b77-8039-c08748766f4c",
        "name": "filebulldogs.com"
      },
      {
        "id": "8c2e9432-72e4-46b4-9de9-ac794f4e0edb",
        "name": "e-kflower.com"
      },
      {
        "id": "e506c895-34b5-413d-ae5c-3740e15848c6",
        "name": "172.81.60.97"
      }
    ],
    "intrusion_sets": [
      {
        "id": "0abae7ea-2023-4594-b7a8-e257f29bfade",
        "name": "Stryker",
        "slug": "stryker"
      }
    ],
    "observables": [
      {
        "id": "95097888-819b-4903-9504-44d9e8e8b403",
        "name": "filebulldogs.com"
      },
      {
        "id": "c1f83c3c-f29e-4fca-814b-415a43d41b71",
        "name": "e-kflower.com"
      },
      {
        "id": "ec855248-33c9-48ff-a100-24249e87d707",
        "name": "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io"
      },
      {
        "id": "2d8845e4-4362-48c2-9ffc-1bdd51399fa8",
        "name": "172.81.60.97"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Government and administrations"
      },
      {
        "id": "",
        "name": "tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io"
      },
      {
        "id": "",
        "name": "filebulldogs.com"
      },
      {
        "id": "",
        "name": "e-kflower.com"
      }
    ]
  },
  "external_refs": [
    {
      "id": "e09db34c-d8f8-48c8-8fec-0f20368bb14a",
      "standard_id": "external-reference--35bce714-e1d3-5f89-ade5-a5689c363797",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://www.seqrite.com/blog/iran-us-israel-cyberwar-2026-analysis/",
      "hash": null,
      "external_id": null,
      "created": "2026-04-06T21:18:47.658Z",
      "modified": "2026-04-06T21:18:47.658Z",
      "createdById": null
    },
    {
      "id": "b65a6f66-b45d-4b22-886b-df30b48548d6",
      "standard_id": "external-reference--56722cd7-5787-505c-be5f-81be1d5d6f9f",
      "entity_type": "External-Reference",
      "source_name": "AlienVault",
      "description": null,
      "url": "https://otx.alienvault.com/pulse/69d3cb85f3db16d53c999e18",
      "hash": null,
      "external_id": "69d3cb85f3db16d53c999e18",
      "created": "2026-04-06T21:18:47.629Z",
      "modified": "2026-04-06T21:18:47.629Z",
      "createdById": null
    }
  ]
}