IRGC تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (115)

اللغة

en	116

البلد

de	88
us	20
ir	4
cn	2

الفاعلين

IRGC	5
Meterpreter	1
APT17	1
Brute Ratel C4	1
Cobalt Strike	1

الاهتمام

النوع

Not Defined	8
Firewall Software	2
Forum Software	2
Operating System	2
Groupware Software	2

المجهز

Not Defined	12
Microsoft	4
VMware	2
DZCP	2

منتج

SonicWall SSLVPN SMA100	2
jforum	2
Microsoft Windows	2
MC Coming Soon Script	2
ajenti	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php تجاوز الصلاحيات	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.69	0.00943	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash الكشف عن المعلومات	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	jforum User تجاوز الصلاحيات	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00289	CVE-2019-7550
4	TikiWiki tiki-register.php تجاوز الصلاحيات	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	7.86	0.01009	CVE-2006-6168
5	nginx تجاوز الصلاحيات	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.07	0.00241	CVE-2020-12440
6	Microsoft Windows IIS Server Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.00133	CVE-2023-36434
7	ajenti API تجاوز الصلاحيات	7.1	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.07	0.01285	CVE-2019-25066
8	YITH WooCommerce Compare تجاوز الصلاحيات	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00000
9	Check Point Mobile Access/SSL VPN Portal Agent تجاوز الصلاحيات	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00118	CVE-2021-30358
10	SonicWALL Secure Remote Access سكربتات مشتركة	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.03350	CVE-2021-20028
11	SonicWall SSLVPN SMA100 حقن إس كيو إل	7.3	7.1	$0-$5k	$0-$5k	Functional	Not Defined	0.02	0.02628	CVE-2021-20016
12	Microsoft Exchange Server Privilege Escalation	9.0	8.2	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00	0.00223	CVE-2022-21969
13	VMware vCenter Server Analytics Service تجاوز الصلاحيات	8.6	8.5	$5k-$25k	$0-$5k	Functional	Official Fix	0.02	0.97389	CVE-2021-22005
14	MC Coming Soon Script users.php تجاوز الصلاحيات	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00000
15	Gophish سكربتات مشتركة	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00054	CVE-2019-16146
16	GeniXCMS index.php سكربتات مشتركة	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00088	CVE-2017-14765
17	WebCalendar search.php سكربتات مشتركة	3.5	3.5	$0-$5k	جاري الحساب	Not Defined	Not Defined	0.03	0.00000
18	Microsoft Windows Work Folder Service تجاوز الصلاحيات	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00043	CVE-2020-1094
19	IBM Security Guardium Database Activity Monitor حقن إس كيو إل	8.6	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00136	CVE-2016-0249

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	Identified	النوع	الثقة
1	54.39.78.148	ip148.ip-54-39-78.net	IRGC	14/09/2022	verified	عالي
2	95.217.193.86	static.86.193.217.95.clients.your-server.de	IRGC	14/09/2022	verified	عالي
3	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	14/09/2022	verified	عالي
4	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	14/09/2022	verified	عالي
5	XXX.XX.XXX.XX	xxxxxx.xx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	14/09/2022	verified	عالي
6	XXX.XXX.XX.XXX	xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	14/09/2022	verified	عالي
7	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	14/09/2022	verified	عالي
8	XXX.XXX.XXX.XXX		Xxxx	14/09/2022	verified	عالي
9	XXX.XX.XX.XXX	xxx-xx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	14/09/2022	verified	عالي
10	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	14/09/2022	verified	عالي

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1059	CWE-94	Argument Injection	predictive	عالي
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	عالي
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	عالي
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
7	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/admin/users.php	predictive	عالي
2	File	data/gbconfiguration.dat	predictive	عالي
3	File	xxxxxxx/xxxxx.xxx	predictive	عالي
4	File	xxx/xxxxxx.xxx	predictive	عالي
5	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	عالي
6	File	xxxxxx.xxx	predictive	متوسط
7	File	xxxx-xxxxxxxx.xxx	predictive	عالي
8	Argument	xxx	predictive	واطئ
9	Argument	xxxxxxxx	predictive	متوسط
10	Argument	xxxx xx	predictive	واطئ

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!