3 malware families

Fatimiyoun Electronic Team

Also known asFatimiyoun Electronic Team

Fatimiyoun Electronic Team is an Iran-aligned/pro-Iranian cyber actor referenced in reporting on expected Iranian cyber retaliation amid regional escalation. The actor is described as being linked to the Fatimiyoun Brigade and operating via Afghanistan- or Pakistan-based networks. In the cited reporting, the group is assessed as attempting to deploy destructive wiper malware against Western financial services and energy firms. The actor is further described as using custom wiper malware similar to Shamoon variants, employing botnets, and delivering backdoors including a tool referred to as “Tickler.” Known alias in the provided content: “fatimiyoun_electronic_team” (same name).

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

Energy
Banks
Financial Services
Insurance

MITRE ATT&CK

Tradecraft

3 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

2 of 15 tactics3 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0001

Initial Access

1 technique

T1566

Phishing

TA0040

Impact

2 techniques

T1485×2

Data Destruction

T1498

Network Denial of Service

ARSENAL

Associated malware families

3 malware families attributed to this actor across reporting.

FamilyContextEvidenceLast seen

DieNetThey have employed botnets such as those based on DieNet or Mirai variants for DDoS attacks...1Mar 6, 2026

MiraiThey have employed botnets such as those based on DieNet or Mirai variants for DDoS attacks...1Mar 6, 2026

TicklerIn 2024, they... deployed Tickler malware against US and UAE satellite, government, and energy sectors.1Mar 6, 2026

ACTIVITY FEED

Recent activity

2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

2 SOURCESView more in app

polyswarmNews

Mar 6, 2026

Cyber Strategy Under Fire: Iranian APT and Proxy Retaliation Risks

Iran-aligned proxy/hacktivist group linked to the Fatimiyoun Brigade; described using wipers, DDoS botnets, and social engineering/phishing to deliver persistence backdoors; claims activity against Western targets.

bank info securityNews

Mar 1, 2026

Western Cybersecurity Experts Brace for Iranian Reprisal

Actor attempting to deploy wiper malware against Western financial services and energy sector targets.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping3

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal3

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.