Middle East Conflict Fuels Opportunistic Cyber Attacks

    Date: 03/10/2026

    Severity: High

    Summary

    Cybercriminals are exploiting the heightened political tensions in the Middle East to launch opportunistic cyber campaigns using conflict-themed lures. Thousands of newly registered domains related to the conflict have been identified, many of which may be used for future malicious activity such as phishing, scams, and malware distribution. Observed campaigns include fake news sites, phishing pages, donation scams, and malware delivery using lures tied to regional events, including the deployment of the LOTUSLITE backdoor and StealC malware through deceptive content.

    Indicators of Compromise (IOC) List

    URLs/Domain


    IP Address

    80.97.160.190

    172.81.60.97

    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 :

    domainname like "arch2.megadatahost1.lol" or siteurl like "arch2.megadatahost1.lol" or url like "arch2.megadatahost1.lol" or domainname like "arch.megadatahost1.lol" or siteurl like "arch.megadatahost1.lol" or url like "arch.megadatahost1.lol" or domainname like "arch2.maxdatahost1.cyou" or siteurl like "arch2.maxdatahost1.cyou" or url like "arch2.maxdatahost1.cyou" or domainname like "media.megadatahost1.lol" or siteurl like "media.megadatahost1.lol" or url like "media.megadatahost1.lol" or domainname like "media.megafilehost2.sbs" or siteurl like "media.megafilehost2.sbs" or url like "media.megafilehost2.sbs" or domainname like "media.maxdatahost1.cyou" or siteurl like "media.maxdatahost1.cyou" or url like "media.maxdatahost1.cyou" or domainname like "media.hyperfilevault2.mom" or siteurl like "media.hyperfilevault2.mom" or url like "media.hyperfilevault2.mom" or domainname like "Holidayslettucecircumvent.com" or siteurl like "Holidayslettucecircumvent.com" or url like "Holidayslettucecircumvent.com" or domainname like "flourishingscreencousin.com" or siteurl like "flourishingscreencousin.com" or url like "flourishingscreencousin.com" or domainname like "www.e-kflower.com/_prozn/_skin_mbl/home/KApp.rar" or siteurl like "www.e-kflower.com/_prozn/_skin_mbl/home/KApp.rar" or url like "www.e-kflower.com/_prozn/_skin_mbl/home/KApp.rar" or domainname like "www.e-kflower.com/_prozn/_skin_mbl/home/KAppl.rar" or siteurl like "www.e-kflower.com/_prozn/_skin_mbl/home/KAppl.rar" or url like "www.e-kflower.com/_prozn/_skin_mbl/home/KAppl.rar"

    Detection Query 2 :

    dstipaddress IN ("80.97.160.190","172.81.60.97") or srcipaddress IN ("80.97.160.190","172.81.60.97")

    Detection Query 3 :

    md5hash IN ("6accd57e48c34cadc998d00594229e42","10fb1122079b5ae8e4147253a937f40f","098BC0DD6A02A777FABB1B7D6F2DA505","972585e50798cb5f122f766d8f26637f","8c5a4dafed1586cec48d8eda267d8e42","722bcd4b14aac3395f8a073050b9a578")

    Detection Query 4 :

    sha1hash IN ("7d4e31c8b11be7c970860c4fbc8fe85c70724cb1","Be34901237c9fa9563e8dc9e71faf3a7e68f983f","1b3fa84de23c6e789958462e6185e9cf0680ed9c","B9dfc411699e07343b9b95daa79fe7e4b6811579","E5baecb74c456df26aa7e0fa1661838cd86ccfd7")

    Detection Query 5 :

    sha256hash IN ("8564763407064117726211ff8f89555e5a3b2b70bc9667032abd69cbe53b5216","4fb9b5d115bceee45a89447fb2565faef07452cda6b8e244e53ad91499c3d9b5","db40546435a7c42b32493301e333c8c0010e652fecd02463614a386f916055ec","24b11b4b999b385bede48ad9f0570e2e5da4a2054b96738b1e4d4946ece94bc1","819f586ca65395bdd191a21e9b4f3281159f9826e4de0e908277518dba809e5b")
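The hash values in the queries above are written in mixed case, and two of the URL indicators carry a file path while Detection Query 1 also compares them against `domainname`. The following is an added example, not Gurucul's or Zscaler's code, showing one way to normalise indicators before matching them against log events. The indicator values and events are constructed placeholders, and the event layout (a dict keyed by the field names used in the queries) is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed placeholder indicators, NOT the advisory's IOCs. The mixed case
# and the URL-with-path entry mirror how the published values are written.
RAW_IOCS = ["Media.Example-Lure.test", "www.example-lure.test/files/App.rar",
            "198.51.100.23", "0123456789ABCDEF0123456789abcdef", "Aa" * 20]
HASH_FIELDS = {32: "md5hash", 40: "sha1hash", 64: "sha256hash"}
HEX = set("0123456789abcdef")

def host_and_path(value):
    """Split a URL or bare host into (lower-cased host, path)."""
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").rstrip("."), parts.path.rstrip("/")

def classify(raw):
    """Return (kind, normalised value) for one indicator string."""
    value = raw.strip()
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if len(value) in HASH_FIELDS and set(value.lower()) <= HEX:
        return HASH_FIELDS[len(value)], value.lower()
    host, path = host_and_path(value)
    # A URL indicator is kept as host + path; its host alone is not promoted
    # to a domain indicator, because only that specific path was listed.
    return ("url", host + path) if path else ("domain", host)

def build_index(raw_iocs):
    index = {}
    for raw in raw_iocs:
        kind, value = classify(raw)
        index.setdefault(kind, set()).add(value)
    return index

def match_event(event, index):
    """Return the sorted list of (field, indicator) hits for one event dict."""
    hits = set()
    for field in ("srcipaddress", "dstipaddress"):
        if event.get(field) in index.get("ip", ()):
            hits.add((field, event[field]))
    for field in HASH_FIELDS.values():
        digest = str(event.get(field, "")).lower()
        if digest in index.get(field, ()):
            hits.add((field, digest))
    host, path = host_and_path(event.get("url") or event.get("domainname") or "")
    if host in index.get("domain", ()):
        hits.add(("domain", host))
    if path and host + path in index.get("url", ()):
        hits.add(("url", host + path))
    return sorted(hits)
```

Query strings and the scheme are ignored when comparing URLs, and the path is compared case-sensitively, so an indicator for one file does not flag other pages on the same host.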

    Reference:    

    https://www.zscaler.com/blogs/security-research/middle-east-conflict-fuels-opportunistic-cyber-attacks#


    Tags

    Malware, Threat Actor, The Middle East, Phishing, Backdoor, STEALC
