MeteorExpress
MeteorExpress is a wiper malware family referenced in reporting on Iranian disruptive and destructive cyber operations. The source reporting names it, alongside Shamoon, as an example of wiper malware used in campaigns associated with Iranian state-aligned activity. In that context, Iranian operations are described as targeting organizations in Israel, the United States, and allied nations, with likely affected sectors including government, critical infrastructure, defense, financial services, academia, and media. Anticipated destructive tradecraft in the same reporting includes deployment of wipers via fake hacktivist personas or APT clusters, exploitation of unpatched public-facing web services, and execution through scheduled tasks and LOLBins. The reporting does not provide specific technical indicators of compromise, infection-chain details, or platform-specific behavior for MeteorExpress beyond its classification as a wiper.
Recent activity
2 sources tracked across advisories, community write-ups, and news.
Destructive wiper malware referenced as part of Iranian disruptive/destructive operations.
Named as an example of wiper malware; no further technical detail provided in the excerpt.