The group has tapped the tension around the Iranian nuclear program to spread a malware and the interesting idea is that the final target of the agent are the US military staff. The malware use a consolidated. document sent with spam mail. The subject is Irans Oil and Nuclear Situation.doc The. document contains a Shockwave Flash applet that tries to load a video file (.mp4) from hxxp://208.1xx.23x.76/test.mp4. The. malicious code tries to connect to a C&C server that uses dynamic DNS services to permanently change its IP address.”]