PSYC-OTX-6a109360ffcb2c8229a150c7
OTX: Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
The full record for one case — how Classifyline rated it, what Scoutline observed, the evidence Sealine encrypted, where Routeline may send it, and every ledger entry it produced.
How to use. Read the cards top-to-bottom — classification, observables, sealed package, routes, ledger. Hit ▶ case journey for the animated walk-through.
What you're seeing. Every worker line's output for this one case: how it was rated, what was observed, what was encrypted and to whom, where it would route, and the audit rows it produced.
Why it matters. Nothing sensitive leaves psyc without a human seeing the full reasoning chain — this page is that chain, for one case.
Classification
- Severity: medium
- TLP: GREEN
- Incident type: malware
- Internal class: D
Confidence
- Level: medium
- Source reliability: C
- Information credibility: 3
Source
- Type: threat_intel
- Reference: https://otx.alienvault.com/pulse/6a109360ffcb2c8229a150c7
- Observed: 2026-05-22 17:33 UTC
- Ingested: 2026-05-25 14:56 UTC
Observables
Domains
business-startup.org
Hashes
Routes
2 allowed · 2 blocked
- MISP-Community: priority 2 · stix_indicators · max_tlp AMBER
- URLhaus: priority 3 · malware_url_report · max_tlp GREEN
- CERT-Bund: country_mismatch
- AbuseIPDB: tlp_exceeded