IRGC Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (115)

Oś czasu

Język

en116

Kraj

de104
us10
ir2

Aktorzy

IRGC4
APT171
Ballistic Bobcat1
SMSspy1
IRATA1

Zajęcia

Wysiłek

Oś czasu

Rodzaj

Content Management System4
Operating System4
E-Commerce Management Software2
Calendar Software2
Forum Software2

Sprzedawca

Not Defined10
Microsoft4
YITH2
VMware2
IBM2

Produkt

Microsoft Windows4
GeniXCMS2
YITH WooCommerce Compare2
WebCalendar2
jforum2

Luki w zabezpieczeniach

#Słaby punktBaseTemp0dayDzisiajWykPrzCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php privilege escalation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.780.00943CVE-2010-0966
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.020.02016CVE-2007-1192
3jforum User privilege escalation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.030.00289CVE-2019-7550
4TikiWiki tiki-register.php privilege escalation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix10.000.01009CVE-2006-6168
5nginx privilege escalation6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.140.00241CVE-2020-12440
6Microsoft Windows IIS Server Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00133CVE-2023-36434
7ajenti API privilege escalation7.16.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.01285CVE-2019-25066
8YITH WooCommerce Compare privilege escalation5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00000
9Check Point Mobile Access/SSL VPN Portal Agent privilege escalation5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00118CVE-2021-30358
10SonicWALL Secure Remote Access cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.020.03350CVE-2021-20028
11SonicWall SSLVPN SMA100 sql injection7.37.1$0-$5k$0-$5kFunctionalNot Defined0.020.02628CVE-2021-20016
12Microsoft Exchange Server Privilege Escalation9.08.2$25k-$100k$0-$5kUnprovenOfficial Fix0.000.00223CVE-2022-21969
13VMware vCenter Server Analytics Service privilege escalation8.68.5$5k-$25k$0-$5kFunctionalOfficial Fix0.020.97389CVE-2021-22005
14MC Coming Soon Script users.php privilege escalation6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00000
15Gophish cross site scripting3.63.6$0-$5kObliczenieNot DefinedOfficial Fix0.020.00054CVE-2019-16146
16GeniXCMS index.php cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00088CVE-2017-14765
17WebCalendar search.php cross site scripting3.53.5$0-$5kObliczenieNot DefinedNot Defined0.030.00000
18Microsoft Windows Work Folder Service privilege escalation7.37.0$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000.00043CVE-2020-1094
19IBM Security Guardium Database Activity Monitor sql injection8.68.2$5k-$25kObliczenieNot DefinedOfficial Fix0.000.00136CVE-2016-0249

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDadres IPHostnameAktorKampanieIdentifiedRodzajPewność siebie
154.39.78.148ip148.ip-54-39-78.netIRGC2022-09-14verifiedWysoki
295.217.193.86static.86.193.217.95.clients.your-server.deIRGC2022-09-14verifiedWysoki
3XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxx2022-09-14verifiedWysoki
4XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxx2022-09-14verifiedWysoki
5XXX.XX.XXX.XXxxxxxx.xx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxx2022-09-14verifiedWysoki
6XXX.XXX.XX.XXXxxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxx2022-09-14verifiedWysoki
7XXX.XXX.XX.XXXxxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxx2022-09-14verifiedWysoki
8XXX.XXX.XXX.XXXXxxx2022-09-14verifiedWysoki
9XXX.XX.XX.XXXxxx-xx-xx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxx2022-09-14verifiedWysoki
10XXX.XXX.XXX.XXxxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxxXxxx2022-09-14verifiedWysoki

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueLuki w zabezpieczeniachWektor dostępuRodzajPewność siebie
1T1059CWE-94Argument InjectionpredictiveWysoki
2T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveWysoki
3TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveWysoki
4TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveWysoki
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveWysoki
6TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveWysoki
7TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveWysoki

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasaIndicatorRodzajPewność siebie
1File/admin/users.phppredictiveWysoki
2Filedata/gbconfiguration.datpredictiveWysoki
3Filexxxxxxx/xxxxx.xxxpredictiveWysoki
4Filexxx/xxxxxx.xxxpredictiveWysoki
5Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveWysoki
6Filexxxxxx.xxxpredictiveMedium
7Filexxxx-xxxxxxxx.xxxpredictiveWysoki
8ArgumentxxxpredictiveNiski
9ArgumentxxxxxxxxpredictiveMedium
10Argumentxxxx xxpredictiveNiski

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

PoprzedniPrzeglądKolejny

Interested in the pricing of exploits?

See the underground prices here!