IRGC Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (115)

Idioma

en	116

País

de	104
us	8
ir	4

Actores

IRGC	6
APT17	1
Aurora Stealer	1
Ballistic Bobcat	1
SMSspy	1

Interesar

Escribe

Not Defined	8
Policy Management Software	2
Calendar Software	2
Remote Access Software	2
Forum Software	2

Proveedor

Not Defined	12
IBM	2
SonicWALL	2
YITH	2
DZCP	2

Producto

Gophish	2
IBM Security Guardium Database Activity Monitor	2
WebCalendar	2
MC Coming Soon Script	2
SonicWALL Secure Remote Access	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.54	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	jforum User escalada de privilegios	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.05	CVE-2019-7550
4	TikiWiki tiki-register.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.08	CVE-2006-6168
5	nginx escalada de privilegios	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.67	CVE-2020-12440
6	Microsoft Windows IIS Server Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00133	0.18	CVE-2023-36434
7	ajenti API escalada de privilegios	7.1	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01285	0.18	CVE-2019-25066
8	YITH WooCommerce Compare escalada de privilegios	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
9	Check Point Mobile Access/SSL VPN Portal Agent escalada de privilegios	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00118	0.03	CVE-2021-30358
10	SonicWALL Secure Remote Access cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02391	0.02	CVE-2021-20028
11	SonicWall SSLVPN SMA100 sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.02628	0.04	CVE-2021-20016
12	Microsoft Exchange Server Privilege Escalation	9.0	8.2	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00195	0.00	CVE-2022-21969
13	VMware vCenter Server Analytics Service escalada de privilegios	8.6	8.5	$5k-$25k	$0-$5k	High	Official Fix	0.97389	0.00	CVE-2021-22005
14	MC Coming Soon Script users.php escalada de privilegios	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
15	Gophish cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2019-16146
16	GeniXCMS index.php cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.00	CVE-2017-14765
17	WebCalendar search.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
18	Microsoft Windows Work Folder Service escalada de privilegios	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00043	0.00	CVE-2020-1094
19	IBM Security Guardium Database Activity Monitor sql injection	8.6	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00136	0.00	CVE-2016-0249

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	54.39.78.148	ip148.ip-54-39-78.net	IRGC	2022-09-14	verified	Alto
2	95.217.193.86	static.86.193.217.95.clients.your-server.de	IRGC	2022-09-14	verified	Alto
3	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	2022-09-14	verified	Alto
4	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	2022-09-14	verified	Alto
5	XXX.XX.XXX.XX	xxxxxx.xx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	2022-09-14	verified	Alto
6	XXX.XXX.XX.XXX	xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	2022-09-14	verified	Alto
7	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	2022-09-14	verified	Alto
8	XXX.XXX.XXX.XXX		Xxxx	2022-09-14	verified	Alto
9	XXX.XX.XX.XXX	xxx-xx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	2022-09-14	verified	Alto
10	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	2022-09-14	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/admin/users.php	predictive	Alto
2	File	data/gbconfiguration.dat	predictive	Alto
3	File	xxxxxxx/xxxxx.xxx	predictive	Alto
4	File	xxx/xxxxxx.xxx	predictive	Alto
5	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
6	File	xxxxxx.xxx	predictive	Medio
7	File	xxxx-xxxxxxxx.xxx	predictive	Alto
8	Argument	xxx	predictive	Bajo
9	Argument	xxxxxxxx	predictive	Medio
10	Argument	xxxx xx	predictive	Bajo

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!