Iran Unknown Analysis

IOB - Indicator of Behavior (411)

Language

en: 344
es: 16
ru: 12
fr: 8
sv: 6

Country/Region

us: 278
ru: 34
pt: 18
es: 12
fr: 10

Product

Microsoft Windows: 16
WordPress: 8
PHP: 6
Magento: 4
nginx: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 0.00 | CVE-2006-6168 |
| 2 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 5.12 | |
| 3 | AWStats Config awstats.pl cross-site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00587 | 0.13 | CVE-2006-3681 |
| 4 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.36 | CVE-2020-15906 |
| 5 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.18 | |
| 6 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track unknown vulnerability | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-47166 |
| 7 | SPIP spip.php cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.44 | CVE-2022-28959 |
| 8 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.63 | CVE-2020-12440 |
| 9 | Lars Ellingsen Guestserver guestbook.cgi cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.04 | CVE-2005-4222 |
| 10 | SourceCodester Library Management System index.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00114 | 0.08 | CVE-2022-2492 |
| 11 | Composer URL privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.11746 | 0.00 | CVE-2021-29472 |
| 12 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.40 | CVE-2007-2046 |
| 13 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.97 | CVE-2007-0354 |
| 14 | WordPress WP_Query SQL injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.94585 | 0.04 | CVE-2022-21661 |
| 15 | Magento Search Module SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.02 | CVE-2021-21024 |
| 16 | PHPGurukul Online Course Registration System news-details.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.10 | CVE-2024-5064 |
| 17 | PHPGurukul Online Course Registration System SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.03 | CVE-2024-5065 |
| 18 | code-projects Simple Chat System register.php cross-site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-4974 |
| 19 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00045 | 0.17 | CVE-2024-4021 |
| 20 | ZoneMinder Language Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.37464 | 0.03 | CVE-2022-29806 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Albanian Government

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

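| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-425 | Path Traversal | predictive | |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |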

IOA - Indicator of Attack (192)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (5)

The following list contains external sources which discuss the actor and the associated activities:
