Iran Unknown Analysis

IOB - Indicator of Behavior (179)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en146
es14
de4
ru4
ar4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us126
ru24
es10
nl6
fr4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

TA5051
Scar1
MuddyWater1
SideWinder1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined44
Content Management System24
Operating System22
Web Server10
Programming Language Software6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined70
Microsoft22
Cisco4
Oracle4
Thekelleys4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows18
WordPress6
nginx6
Magento4
Oracle MySQL Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1SourceCodester Library Management System index.php sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.080.00885CVE-2022-2492
2Composer URL code injection6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.010.05471CVE-2021-29472
3WordPress WP_Query sql injection6.36.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.070.11157CVE-2022-21661
4Magento Search Module sql injection7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.060.00885CVE-2021-21024
5nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined1.980.00000CVE-2020-12440
6LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.590.00000
7SourceCodester Loan Management System index.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.070.00885CVE-2022-2766
8SPIP spip.php cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.320.01018CVE-2022-28959
9markdown-it-toc escape output6.96.8$0-$5k$0-$5kNot DefinedNot Defined0.010.00885CVE-2020-28455
10MMS Gallery PHP get_file.php path traversal3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.020.00000
11Microsoft Windows ALPC Privilege Escalation7.26.5$25k-$100k$5k-$25kUnprovenOfficial Fix0.050.01150CVE-2022-23287
12PHP _php_stream_scandir memory corruption9.08.6$25k-$100k$0-$5kNot DefinedOfficial Fix0.030.24563CVE-2012-2688
13WordPress sql injection6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.070.01034CVE-2022-21664
14Samsung Smart Phone Keymaster entropy2.62.5$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2021-25444
15nginx HTTP2 resource consumption6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.040.01537CVE-2018-16843
16Tenable Nessus Web UI debug log file5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.050.10855CVE-2022-33757
17Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined3.230.00000
18Google Chrome libxml2 parser.c xmlStringLenDecodeEntities memory corruption7.36.6$25k-$100k$5k-$25kProof-of-ConceptOfficial Fix0.020.03779CVE-2011-3919
19Hikvision DVR DS-7204 Authorization memory corruption7.37.3$0-$5k$0-$5kHighNot Defined0.050.73343CVE-2014-4880
20CuppaCMS index.php permission assignment7.57.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.040.01978CVE-2022-37190

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Albanian Government

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
146.30.189.66Iran UnknownAlbanian GovernmentverifiedHigh
251.89.181.64ip64.ip-51-89-181.euIran UnknownverifiedHigh
366.219.22.235core96.hostingmadeeasy.comIran UnknownverifiedHigh
483.171.238.62558.cluster-nbg1.deIran UnknownverifiedHigh
5XX.XXX.XXX.XXXXxxx XxxxxxxverifiedHigh
6XXX.XX.X.XXxxxxxx.xx.x.xx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxx XxxxxxxXxxxxxxx XxxxxxxxxxverifiedHigh
7XXX.XX.XXX.XXXxxxxxxxx.xxXxxx XxxxxxxverifiedHigh
8XXX.XXX.XXX.XXXxxxx-xxxxxxx.xxxxx.xxxxx.xxXxxx XxxxxxxXxxxxxxx XxxxxxxxxxverifiedHigh
9XXX.XXX.XXX.XXXxxxxxx.xxx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxx XxxxxxxXxxxxxxx XxxxxxxxxxverifiedHigh
10XXX.XX.XXX.XXXxxx XxxxxxxverifiedHigh
11XXX.XX.XXX.XXxxxxxx.xx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxx XxxxxxxverifiedHigh
12XXX.X.XX.XXXxxxxxx.xxx.xx.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxx XxxxxxxXxxxxxxx XxxxxxxxxxverifiedHigh
13XXX.XX.XXX.XXxxx XxxxxxxverifiedHigh
14XXX.XX.XX.XXXXxxx XxxxxxxXxxxxxxx XxxxxxxxxxverifiedHigh
15XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xxxxxx.xxxxxxxx.xxxXxxx XxxxxxxverifiedHigh
16XXX.XXX.XX.XXXxxxxxxx.xxxxxxx.xx.xxXxxx XxxxxxxverifiedHigh
17XXX.XX.XXX.XXXxxx XxxxxxxXxxxxxxx XxxxxxxxxxverifiedHigh
18XXX.XX.XXX.XXXxxx XxxxxxxXxxxxxxx XxxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1059CWE-94Cross Site ScriptingpredictiveHigh
3T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XXX, CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
13TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
14TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (91)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/administration/theme.phppredictiveHigh
2File/api/index.phppredictiveHigh
3File/cgi-bin/webprocpredictiveHigh
4File/coreframe/app/pay/admin/index.phppredictiveHigh
5File/forum/away.phppredictiveHigh
6File/index.phppredictiveMedium
7File/ofrs/admin/?page=requests/manage_requestpredictiveHigh
8File/spip.phppredictiveMedium
9File/usr/www/ja/mnt_cmd.cgipredictiveHigh
10File/wp-admin/admin-ajax.phppredictiveHigh
11Fileannouncement.phppredictiveHigh
12Fileattachment.phppredictiveHigh
13Filexxxx-xxxx.xpredictiveMedium
14Filexxxxx/xxxx-xxxx.xpredictiveHigh
15Filexxxxxxx.xxxpredictiveMedium
16Filexxxxx.xxxpredictiveMedium
17Filexxxxxxxx_xxxxxxxxxxxxxxxxx.xxxpredictiveHigh
18Filexxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/predictiveHigh
19Filexxxxxxxxx/xxx/xxxxx/xxxxx/xxxxx.xxxpredictiveHigh
20Filexxxxx.xxxxpredictiveMedium
21Filexxxxxxx.xxxpredictiveMedium
22Filexxxxxx.xxxpredictiveMedium
23Filexxxx.xxxpredictiveMedium
24Filexxxxxxx.xxxpredictiveMedium
25Filexxx/xxx-xxxxx.xpredictiveHigh
26Filexxx_xxxx.xxxpredictiveMedium
27Filexxxx.xxxpredictiveMedium
28Filexxx/xxxxxx.xxxpredictiveHigh
29Filexxxxx.xxxpredictiveMedium
30Filexxxx_xxxx.xxxpredictiveHigh
31Filexxxxxx/xxxxxx.xpredictiveHigh
32Filexxxxxxx.xxxpredictiveMedium
33Filexxxxx_xx.xxxxpredictiveHigh
34Filexxx/xxxxxxxxx/x_xxxxxx.xpredictiveHigh
35Filexxxx.xxxpredictiveMedium
36Filexxxx_xxxx.xxxpredictiveHigh
37Filexxx_xxxx.xxxpredictiveMedium
38Filexxxxxx.xpredictiveMedium
39Filexxxxxxxxxxxxx.xxxpredictiveHigh
40Filexxxxx/xxxxxxx.xxxpredictiveHigh
41Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
42Filexxxxxx.xxxpredictiveMedium
43Filexxxxxxxxxxxxx.xxxpredictiveHigh
44Filexxxxx.xxxxpredictiveMedium
45Filexxxx-xxxxxx.xpredictiveHigh
46Filexxxxxxxxxxx.xxxpredictiveHigh
47Filexxxx.xxxpredictiveMedium
48Filexxxx.xpredictiveLow
49Filexxxx-xxxxx.xxxpredictiveHigh
50Filexx-xxxxx/xxxxxxx-xxxxxxx.xxxpredictiveHigh
51Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
52Filexx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxxpredictiveHigh
53File~/xxxxxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
54Argumentxxxxxx/xxxxxxxxpredictiveHigh
55ArgumentxxxxxpredictiveLow
56ArgumentxxxxxxxxxxxxxxpredictiveHigh
57ArgumentxxxxxxxxpredictiveMedium
58ArgumentxxxpredictiveLow
59ArgumentxxxxxxxxxxpredictiveMedium
60ArgumentxxxxxpredictiveLow
61Argumentxxx_xxpredictiveLow
62ArgumentxxxpredictiveLow
63Argumentxxxx_xxpredictiveLow
64Argumentxxxxx/xxx_xxxxx/xxxxx/xxxxxxxxxxxpredictiveHigh
65ArgumentxxxxxxxpredictiveLow
66ArgumentxxxxpredictiveLow
67ArgumentxxxxxxxpredictiveLow
68ArgumentxxpredictiveLow
69ArgumentxxxxxxxxxpredictiveMedium
70Argumentxxxxx[xxxxx][xx]predictiveHigh
71ArgumentxxxxxxxxpredictiveMedium
72ArgumentxxxxxxxxpredictiveMedium
73ArgumentxxxxxxxxpredictiveMedium
74ArgumentxxxxpredictiveLow
75ArgumentxxxxxxpredictiveLow
76ArgumentxxxxxxxxxxpredictiveMedium
77Argumentxxxxxx xxxxxpredictiveMedium
78Argumentxxxx_xxpredictiveLow
79ArgumentxxxxxxxxpredictiveMedium
80Argumentxxxx_xxxpredictiveMedium
81Argumentxxxxxxx_xxpredictiveMedium
82ArgumentxxxxxxxxpredictiveMedium
83ArgumentxxxxxxpredictiveLow
84ArgumentxxxxxxxpredictiveLow
85Argumentxxxxx_xxxpredictiveMedium
86ArgumentxxxxxpredictiveLow
87ArgumentxxxpredictiveLow
88Argumentxxxxxxxx/xxxxpredictiveHigh
89Argumentxx_xxxx_xxxxxx_xxxxxxxxxxpredictiveHigh
90Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxxpredictiveHigh
91Network Portxxx/xxxxxpredictiveMedium

References (5)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!