Amaq Finder
Amaq Finder is a malware/tool name referenced in reporting on Iranian cyber capability through March 2026. It is mentioned as a newer addition alongside Rugissement and is also listed in malware/IOC hash material. The provided content does not include verified technical details on its functionality, infection vector, persistence, command-and-control, targeted platforms, associated threat actor, victimology, or specific indicators of compromise beyond the name appearing in IOC/hash listings. Based on the available content, the only high-confidence characterization is that Amaq Finder is tracked as malware or a malicious tool observed in the Iranian threat reporting corpus.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Groups observed using it
1 distinct threat actor attributed by public researchers. Open in Mallory to see the full evidence chain and overlapping campaigns.
Recent activity
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Newer Infy malware addition observed during the group’s resurgence.
Named tool/malware referenced only via IOC/hash listings; functionality not described in the provided content.
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.