IRGC Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (115)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	116

Country

de	94
us	16
cn	2
ir	2

Actors

IRGC	4
APT17	1
Meterpreter	1
Emotet	1
Brute Ratel C4	1

Activities

Interest

Timeline

Type

Not Defined	6
Network Encryption Software	2
Firewall Software	2
Web Server	2
Remote Access Software	2

Vendor

Not Defined	8
Check Point	2
Thomas R. Pasawicz	2
SonicWALL	2
IBM	2

Product

Check Point Mobile Access	2
Check Point SSL VPN	2
Thomas R. Pasawicz HyperBook Guestbook	2
SonicWall SSLVPN SMA100	2
nginx	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.72	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.02016	0.00	CVE-2007-1192
3	jforum User input validation	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.04	CVE-2019-7550
4	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	10.00	CVE-2006-6168
5	nginx request smuggling	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	2.21	CVE-2020-12440
6	Microsoft Windows IIS Server Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00133	0.05	CVE-2023-36434
7	ajenti API privileges management	7.1	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01285	0.14	CVE-2019-25066
8	YITH WooCommerce Compare code injection	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
9	Check Point Mobile Access/SSL VPN Portal Agent os command injection	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00118	0.00	CVE-2021-30358
10	SonicWALL Secure Remote Access cross site scripting	3.5	3.5	$0-$5k	$0-$5k	High	Not Defined	0.02391	0.04	CVE-2021-20028
11	SonicWall SSLVPN SMA100 sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Not Defined	0.02628	0.04	CVE-2021-20016
12	Microsoft Exchange Server Privilege Escalation	9.0	8.2	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00181	0.00	CVE-2022-21969
13	VMware vCenter Server Analytics Service unrestricted upload	8.6	8.5	$5k-$25k	$0-$5k	High	Official Fix	0.97392	0.04	CVE-2021-22005
14	MC Coming Soon Script users.php privileges management	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
15	Gophish cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.04	CVE-2019-16146
16	GeniXCMS index.php cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.00	CVE-2017-14765
17	WebCalendar search.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
18	Microsoft Windows Work Folder Service privileges management	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00043	0.00	CVE-2020-1094
19	IBM Security Guardium Database Activity Monitor sql injection	8.6	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00136	0.00	CVE-2016-0249

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	54.39.78.148	ip148.ip-54-39-78.net	IRGC	09/14/2022	verified	High
2	95.217.193.86	static.86.193.217.95.clients.your-server.de	IRGC	09/14/2022	verified	High
3	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High
4	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High
5	XXX.XX.XXX.XX	xxxxxx.xx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	09/14/2022	verified	High
6	XXX.XXX.XX.XXX	xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx	09/14/2022	verified	High
7	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High
8	XXX.XXX.XXX.XXX		Xxxx	09/14/2022	verified	High
9	XXX.XX.XX.XXX	xxx-xx-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High
10	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxx	09/14/2022	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/users.php	predictive	High
2	File	data/gbconfiguration.dat	predictive	High
3	File	xxxxxxx/xxxxx.xxx	predictive	High
4	File	xxx/xxxxxx.xxx	predictive	High
5	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
6	File	xxxxxx.xxx	predictive	Medium
7	File	xxxx-xxxxxxxx.xxx	predictive	High
8	Argument	xxx	predictive	Low
9	Argument	xxxxxxxx	predictive	Medium
10	Argument	xxxx xx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!