Iran Unknown Analysis

IOB - Indicator of Behavior (395)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 318
es: 24
ru: 14
de: 8
ar: 6


Country

us: 256
ru: 40
es: 20
pt: 14
fr: 10


Product

Microsoft Windows: 14
Apache HTTP Server: 8
nginx: 6
Oracle MySQL Server: 6
WordPress: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 9.76 | CVE-2006-6168 |
| 2 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.94 | |
| 3 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00587 | 0.18 | CVE-2006-3681 |
| 4 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.19 | CVE-2020-15906 |
| 5 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.31 | |
| 6 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-47166 |
| 7 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 1.16 | CVE-2022-28959 |
| 8 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.06 | CVE-2020-12440 |
| 9 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.22 | CVE-2005-4222 |
| 10 | SourceCodester Library Management System index.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00114 | 0.04 | CVE-2022-2492 |
| 11 | Composer URL code injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08650 | 0.00 | CVE-2021-29472 |
| 12 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.36 | CVE-2007-2046 |
| 13 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.80 | CVE-2007-0354 |
| 14 | WordPress WP_Query sql injection | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.93847 | 0.04 | CVE-2022-21661 |
| 15 | Magento Search Module sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.02 | CVE-2021-21024 |
| 16 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Configuration Setting ndmComponents.js information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00045 | 0.13 | CVE-2024-4021 |
| 17 | ZoneMinder Language Privilege Escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.38401 | 0.05 | CVE-2022-29806 |
| 18 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.04 | CVE-2008-0507 |
| 19 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.31 | CVE-2024-1875 |
| 20 | Google Chrome Intents Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00404 | 0.03 | CVE-2021-38000 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Albanian Government

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-425 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (181)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

