Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
Common Information
Type Value
UUID 59d10cf1-e1ce-44dd-b47b-f63405dd35e0
Fingerprint 1cac15d2e8cd1a04040eeb206882fd70c9337c85d47e88f1c7a7890053506a81
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 21, 2022, 11:41 a.m.
Added to db May 27, 2024, 3:26 p.m.
Last updated Aug. 31, 2024, 8:57 a.m.
Headline Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
Title Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
Detected Hints/Tags/Attributes 0/0/33
Attributes
Type | #Events | CTI Value
Domain | 152 | cisa.gov
Domain | 3 | ny.cf
Domain | 19 | file.zip
Domain | 71 | transfer.sh
Domain | 30 | ngrok.io
Domain | 7 | tunnel.us.ngrok.com
Domain | 4 | korgn.su.lennut.com
Domain | 16 | ngrok.com
Domain | 3 | tunnel.com
Domain | 3 | lennut.com
Email | 37 | report@cisa.gov
File | 2 | mdepoy.txt
File | 2 | c:\users\public\mde.ps1
File | 4 | mde.ps1
File | 18 | file.zip
File | 20 | winring0x64.sys
File | 4 | wuacltservice.exe
File | 153 | config.json
File | 46 | runtimebroker.exe
File | 4 | runtimebrokerservice.exe
File | 1208 | powershell.exe
File | 10 | e.exe
File | 1122 | svchost.exe
File | 30 | taskeng.exe
File | 478 | lsass.exe
File | 76 | ping.exe
File | 19 | tracert.exe
File | 3 | horizon_windows_log4j_mitigations.zip
IPv4 | 4 | 51.89.181.64
IPv4 | 6 | 182.54.217.2
IPv4 | 295 | 8.8.8.8
IPv4 | 13 | 144.76.136.153
MITRE ATT&CK Technique | 542 | T1190