Middle East conflict fuels hacktivist and Iranian-aligned cyber threats with DDoS, malware, and defacement risks. Stresses cybersecurity fundamentals and gender diversity gaps in STEM. Provides weekly malware IOCs including hashes and filenames.

| IOC Type | Value | Description | Relevant MITRE ATT&CK Techniques |
|---|---|---|---|
| Filename | d4aa3e7010220ad1b458fac17039c274_64_Dll.dll | Example filename for Auto.90B145.282358.in02 malware | T1547.001 |
| Filename | 38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55.js | JavaScript file for malware distribution | T1064 |
| Filename | d4aa3e7010220ad1b458fac17039c274_63_Exe.exe | Part of W32.Injector:Gen.21ie.1201 malware family | T1078 |
| Filename | VID001.exe | SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507; MD5: 2915b3f8b703eb744fc54c81f4a9c67f; Detection Name: Win.Worm.Coinminer::1201 | None |
| Filename | https_2915b3f8b703eb744fc54c81f4a9c67f.exe | Example filename for Win.Worm.Coinminer malware | T1055, T1496 |
| Md5hash | aac3165ece2959f39ff98334618d10d9 | Malware detected as W32.Injector:Gen.21ie.1201 in Talos telemetry | T1055 |
| Md5hash | 2915b3f8b703eb744fc54c81f4a9c67f | Malware detected as Win.Worm.Coinminer::1201 in Talos telemetry | T1055, T1496 |
| Md5hash | c2efb2dcacba6d3ccc175b6ce1b7ed0a | Malware detected as Auto.90B145.282358.in02 in Talos telemetry | T1547.001 |
| Md5hash | 41444d7018601b599beac0c60ed1bf83 | Malware detected as W32.38D053135D-95.SBX.TG in Talos telemetry | T1027, T1218 |
| Md5hash | a2cf85d22a54e26794cbc7be16840bb1 | MD5 hash for W32.5E6060DF7E-100.SBX.TG detection | T1204 |
| Sha256hash | 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59 | From Talos telemetry; MD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a; Filename: d4aa3e7010220ad1b458fac17039c274_64_Dll.dll; Detection: Auto.90B145.282358.in02 | None |
| Sha256hash | 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974 | From Talos telemetry; MD5: aac3165ece2959f39ff98334618d10d9; Filename: d4aa3e7010220ad1b458fac17039c274_63_Exe.exe; Detection: W32.Injector:Gen.21ie.1201 | None |
| Sha256hash | 5e6060df7e8114cb7b412260870efd1dc05979454bd907d8750c669ae6fcbcfe | SHA256 hash for W32.5E6060DF7E-100.SBX.TG detection | T1204 |
| Sha256hash | 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507 | From Talos telemetry; MD5: 2915b3f8b703eb744fc54c81f4a9c67f; Filename: https_2915b3f8b703eb744fc54c81f4a9c67f.exe; Detection: Win.Worm.Coinminer::1201 | None |
| Sha256hash | 38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55 | Malware detected as W32.38D053135D-95.SBX.TG in Talos telemetry | T1027, T1218 |

| Code | Title |
|---|---|
| T1566 | Phishing used by Russian state actors to compromise Signal and WhatsApp accounts |
| T1498 | DDoS attacks amplified by hacktivist activities during Middle East conflict |
| T1491 | Website defacement as a disruptive tactic in cyber operations |
| T1485 | Destructive malware deployed to disrupt organizational operations |
| T1055 | Process injection observed in injector malware detections for code execution |
| T1496 | Resource hijacking in coinminer malware for cryptocurrency mining |
| T1071 | Application layer protocol for network-based intrusions and C2 communication |
| T1204 | User execution required for malware propagation via disguised files |

| Type | Value |
|---|---|
| Company | TriZetti |
| Country | Netherlands |
| Country | United States |
| Region | Middle East |
| Sector | Critical Infrastructure |
| Sector | Healthcare |

This one’s for you, Mom

By Joe Marshall, Thursday, March 12, 2026 14:00

Threat Source newsletter

Welcome to this week’s edition of the Threat Source newsletter.

I am the product of a single parent, my mom, who along with my grandparents helped raise me into the man I am today. I cannot fathom what it took for my mom, who worked three jobs to put herself through college to be a teacher, to struggle through it. My grandparents did some heavy lifting here, helping with me as a kid as my mom worked long hours and earned her bachelor’s degree. I didn’t see as much of my mom as I wanted — but in her third job where she cleaned offices on the weekend, I would often go with her and help. It got me out of the house, let me spend time with my mom, and afterwards we’d have a meal together. Shout out to the Taco Bell dollar menu, which was all we could afford. It took me well into my thirties to understand how important that time we shared was, even as I took out garbage, cleaned bathrooms, and complained the entire time.

So why am I waxing nostalgic for my childhood janitorial days? Role models. My mom is certainly one. We also recently recognized International Women’s Day here at Talos, and I couldn’t help but think of the sacrifices and hard work my mom did to ensure I had food and clothing and was loved. It caused me to reflect on the women who work in my career space, especially here at Cisco. What parallels exist? What don’t I know about? How can I be an ally?

I had previously observed that cybersecurity is a male-dominated field, but I hadn’t really dug into any data to support that. It also made me wonder: What other STEM fields suffered from a lack of, or had successes in, gender diversity? So I did some homework to better understand.

Some sobering stats:

- Women make up 28.2% of the broad STEM global workforce — but in the U.S./U.K. it’s only 19.2% and 17.9% respectively.
- In STEM categories like biology and life sciences, women make up over half (!!!) of doctoral recipients in biology-related fields and 60% of all undergraduate degrees. In computer sciences it’s only 21.3% for a bachelor’s.
- Pay gaps. Whooo buddy. There’s a $7,000 pay gap in the U.S. ($5,400 globally) between men and women in cybersecurity, and it gets even worse if you are Black, Indigenous, and a Person of Color (BIPOC).
- Leadership roles? Forget about it. In cybersecurity, women hold 16% of CISO roles and only 7% are in C-level positions.

Well, that was depressing. I knew it wasn’t great, but geez. Even though I'm a bit slow, I did find some good news. There are a lot of fantastic organizations, programs, and scholarships to help women attain skills and get great jobs in STEM, especially in cybersecurity. I’m quite partial to CTFs and competitions in this space — it’s valuable hands-on experience, and having fun hacking stuff in a safe and inclusive space is fantastic. I’m also fond of Women in Cybersecurity (WiCyS). I've been fortunate to do WiCyS mentorship here in Cisco, and it was an awesome experience. Should you find yourself in a position to mentor someone who would add diversity to our career space, do it! It is incredibly rewarding. A diversity of thoughts and lived experiences makes us and those we protect safer — which is what we do all day, every day here in Talos.

The one big thing

On Tuesday, March 10, Talos updated our blog on the developing situation in the

Talos cautions against accepting these claims at face value, emphasizing that defenders should independently verify them, since older leaks and previously public information can be used to influence perceptions.

Why do I care?

Cyber operations are likely to play a supporting but strategically significant role in the ongoing conflict. Iranian-aligned groups are employing network-based intrusions to target adversary infrastructure and advance strategic objectives. Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Disruptive cyberattacks against organizations in a target country may unintentionally spill over to organizations in other countries. A more active hacktivist landscape inherently increases the threat of DDoS and website defacement attacks, as hundreds of attacks have been claimed by numerous collectives since the beginning of the conflict.

So now what?

Organizations should increase vigilance and evaluate their capabilities for planning, preparation, detection, and response to destructive malware. Consider minimizing the amount and sensitivity of data that is available to external parties. To improve defenses against DDoS attacks, ensure your organization has a business continuity plan in place, assess external attack surfaces, and confirm that critical systems have healthy, usable backups. For website defacement/redirect protection, ensure that websites are protected against the most commonly exploited security vulnerabilities. Defenders should ensure security fundamentals are being adhered to, such as robust patching for known vulnerabilities and requiring multi-factor authentication (MFA) for remote access and on critical services. Network security teams should proactively monitor their traffic for APT-associated IP addresses and implement hardening guidelines. We will update this blog with IOCs and further developments accordingly.

Top security headlines of the week

Russian government hackers targeting Signal and WhatsApp users, Dutch spies warn
Two agencies accused “Russian state actors” of using phishing and social engineering techniques — rather than malware — to take over accounts on the two messaging apps. (TechCrunch)

FBI investigating “suspicious” cyber activities on critical surveillance network
The FBI has identified a suspected cybersecurity incident on a sensitive network used to manage wiretaps and intelligence surveillance warrants. Officials are working to determine the seriousness of the incident. (CNN)

TriZetto confirms year-long hack of its network exposed records on 3.4M people
Until recently, the total number of impacted individuals was unknown. According to a recent filing with the Office of the Maine Attorney General, the breach likely initially occurred on November 19, 2024. (HealthExec)

“InstallFix” attacks spread fake Claude Code sites
A fresh cyber attack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces. (Dark Reading)

ClickFix attack uses Windows Terminal to evade detection
Victims are instructed to open Windows Terminal directly, instead of relying on the Windows Run dialog. The new approach, observed in the wild in February, allows attackers to bypass protections designed to prevent Run dialog abuse. (Dark Reading)

Can’t get enough Talos?

It's the B+ Team: Matt Olney returns
Matt is back to talk with the crew about the most random things, including TikTok diagnosing us with ADHD, K-Pop Demon Hunters, ransomware in hospitals (the serious bit), attacker use of AI, and why 1999-era tricks are still undefeated.

Modernizing your threat hunt
David Bianco joins Amy to explore the evolution of the PEAK Threat Hunting framework and talk through how security teams can modernize their approach to identifying risks before they escalate.

Spinning complex ideas into clear docs with Kri Dontje
Kri and Amy discuss the importance of consistency, accuracy, and accessibility in documentation; how to get the most out of a subject matter expert-technical writer relationship; and the surprising connection between weaving and binary code.

Agentic AI security
This blog emphasizes the importance of robust risk management and threat modeling to defend against both internal operational errors and potential malicious exploitation.

Upcoming events where you can find Talos

DEVCORE 2026 (March 14)
Taipei, Taiwan

Botconf 2026 (April 15 – 17)
Reims, France

Most prevalent malware files from Talos telemetry over the past week

SHA256: