Iran Unknown Analysis

IOB - Indicator of Behavior (380)

Language

  • en: 304
  • es: 28
  • ru: 12
  • de: 6
  • ko: 6

Country

  • us: 258
  • ru: 36
  • es: 20
  • fr: 8
  • gb: 6

Product

  • Microsoft Windows: 22
  • WordPress: 8
  • Google Chrome: 6
  • Apache HTTP Server: 6
  • Joomla: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 4.73 | 0.01009 | CVE-2006-6168 |
| 2 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.21 | 0.00000 | |
| 3 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00587 | CVE-2006-3681 |
| 4 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.62 | 0.00936 | CVE-2020-15906 |
| 5 | Serendipity exit.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.18 | 0.00000 | |
| 6 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00062 | CVE-2022-47166 |
| 7 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.24 | 0.00132 | CVE-2022-28959 |
| 8 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00241 | CVE-2020-12440 |
| 9 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | 0.00169 | CVE-2005-4222 |
| 10 | SourceCodester Library Management System index.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00114 | CVE-2022-2492 |
| 11 | Composer URL privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.06299 | CVE-2021-29472 |
| 12 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.58 | 0.01871 | CVE-2007-2046 |
| 13 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.40 | 0.01302 | CVE-2007-0354 |
| 14 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.93536 | CVE-2022-21661 |
| 15 | Magento Search Module sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00070 | CVE-2021-21024 |
| 16 | ZoneMinder Language Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.38401 | CVE-2022-29806 |
| 17 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.10 | 0.00073 | CVE-2008-0507 |
| 18 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00045 | CVE-2024-1875 |
| 19 | Google Chrome Intents Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.04 | 0.00404 | CVE-2021-38000 |
| 20 | Nordex Control 2 SCADA Wind Farm Portal Application cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00277 | CVE-2015-6477 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Albanian Government

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (173)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (5)

The following list contains external sources which discuss the actor and the associated activities:
