IRGC Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (115)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	116

Country

de	96
us	12
ir	6

Actors

IRGC	4
APT17	1
Aurora Stealer	1
IRATA	1
SMSspy	1

Activities

Interest

Timeline

Type

Not Defined	4
Calendar Software	2
Operating System	2
Network Encryption Software	2
Policy Management Software	2

Vendor

Not Defined	8
Microsoft	2
Check Point	2
IBM	2
SonicWALL	2

Product

WebCalendar	2
Microsoft Windows	2
Check Point Mobile Access	2
Check Point SSL VPN	2
IBM Security Guardium Database Activity Monitor	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	1.32	0.00954	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.03	0.01806	CVE-2007-1192
3	jforum User input validation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00289	CVE-2019-7550
4	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	1.32	0.01009	CVE-2006-6168
5	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	3.30	0.00000	CVE-2020-12440
6	Microsoft Windows IIS Server Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.16	0.00114	CVE-2023-36434
7	ajenti API privileges management	6.3	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.13	0.00500	CVE-2019-25066
8	YITH WooCommerce Compare code injection	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00000
9	Check Point Mobile Access/SSL VPN Portal Agent os command injection	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00118	CVE-2021-30358
10	SonicWALL Secure Remote Access cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.04593	CVE-2021-20028
11	SonicWall SSLVPN SMA100 sql injection	7.3	7.1	$0-$5k	$0-$5k	Functional	Not Defined	0.03	0.01935	CVE-2021-20016
12	Microsoft Exchange Server Privilege Escalation	9.0	8.2	$25k-$100k	$0-$5k	Unproven	Official Fix	0.02	0.00098	CVE-2022-21969
13	VMware vCenter Server Analytics Service unrestricted upload	8.6	8.5	$5k-$25k	$0-$5k	Functional	Official Fix	0.00	0.96983	CVE-2021-22005
14	MC Coming Soon Script users.php privileges management	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00000
15	Gophish cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00054	CVE-2019-16146
16	GeniXCMS index.php cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00088	CVE-2017-14765
17	WebCalendar search.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00000
18	Microsoft Windows Work Folder Service privileges management	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00043	CVE-2020-1094
19	IBM Security Guardium Database Activity Monitor sql injection	8.6	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00136	CVE-2016-0249

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	54.39.78.148	ip148.ip-54-39-78.net	IRGC	09/14/2022	verified	High
2	95.217.193.86	static.86.193.217.95.clients.your-server.de	IRGC	09/14/2022	verified	High
3	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High
4	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High
5	XXX.XX.XXX.XX	xxxxxx.xx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	09/14/2022	verified	High
6	XXX.XXX.XX.XXX	xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	09/14/2022	verified	High
7	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High
8	XXX.XXX.XXX.XXX		Xxxx	09/14/2022	verified	High
9	XXX.XX.XX.XXX	xxx-xx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High
10	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CWE-94	Cross Site Scripting	predictive	High
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	High
3	TXXXX	CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx	predictive	High
4	TXXXX	CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/users.php	predictive	High
2	File	data/gbconfiguration.dat	predictive	High
3	File	xxxxxxx/xxxxx.xxx	predictive	High
4	File	xxx/xxxxxx.xxx	predictive	High
5	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
6	File	xxxxxx.xxx	predictive	Medium
7	File	xxxx-xxxxxxxx.xxx	predictive	High
8	Argument	xxx	predictive	Low
9	Argument	xxxxxxxx	predictive	Medium
10	Argument	xxxx xx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!