202211031300_Iranian Threat Actors and Healthcare_TLPCLEAR
Common Information
| Type | Value |
|---|---|
| UUID | f55f8772-3701-4b10-a275-e5760a0f9820 |
| Fingerprint | 4d373e17dad78315089031235696800efdbbf2289dbf7134bf70748da11d4470 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 2, 2022, 3:08 p.m. |
| Added to db | July 4, 2024, 3:32 p.m. |
| Last updated | Aug. 31, 2024, 7:29 a.m. |
| Headline | 202211031300_Iranian Threat Actors and Healthcare_TLPCLEAR |
| Title | 202211031300_Iranian Threat Actors and Healthcare_TLPCLEAR |
| Detected Hints/Tags/Attributes | 211/4/74 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 128 | cve-2019-11510 |
|
| Details | CVE | 161 | cve-2019-19781 |
|
| Details | CVE | 77 | cve-2020-5902 |
|
| Details | CVE | 397 | cve-2021-44228 |
|
| Details | CVE | 67 | cve-2021-45046 |
|
| Details | CVE | 168 | cve-2021-34473 |
|
| Details | CVE | 143 | cve-2021-31207 |
|
| Details | CVE | 12 | cve-2021-31206 |
|
| Details | CVE | 7 | cve-2021-33768 |
|
| Details | CVE | 9 | cve-2021-33766 |
|
| Details | CVE | 5 | cve-2021-34470 |
|
| Details | CVE | 150 | cve-2018-13379 |
|
| Details | CVE | 26 | cve-2020-12812 |
|
| Details | CVE | 11 | cve-2019-5591 |
|
| Details | Domain | 3 | homelandjustice.ru |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 36 | www.hackread.com |
|
| Details | Domain | 11 | carnegieendowment.org |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 22 | www.businessinsider.com |
|
| Details | Domain | 21 | cyware.com |
|
| Details | Domain | 89 | arstechnica.com |
|
| Details | Domain | 21 | foreignpolicy.com |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 8 | www.ironnet.com |
|
| Details | Domain | 15 | www.healthcareitnews.com |
|
| Details | Domain | 6 | theconversation.com |
|
| Details | Domain | 14 | healthitsecurity.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 6 | adversary.crowdstrike.com |
|
| Details | Domain | 43 | www.cyberscoop.com |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 138 | www.darkreading.com |
|
| Details | Domain | 23 | hhs.gov |
|
| Details | 18 | hc3@hhs.gov |
||
| Details | File | 13 | advanced_port_scanner.exe |
|
| Details | File | 1 | iran_cyber_final_full_v2.pdf |
|
| Details | IBM X-Force - Threat Group Enumeration | 34 | ITG18 |
|
| Details | IBM X-Force - Threat Group Enumeration | 7 | ITG07 |
|
| Details | Mandiant Temporary Group Assumption | 29 | TEMP.ZAGROS |
|
| Details | Mandiant Uncategorized Groups | 27 | UNC757 |
|
| Details | Mandiant Uncategorized Groups | 15 | UNC3890 |
|
| Details | Threat Actor Identifier - APT | 194 | APT35 |
|
| Details | Threat Actor Identifier - APT | 53 | APT39 |
|
| Details | Threat Actor Identifier - APT | 258 | APT34 |
|
| Details | Threat Actor Identifier - APT | 181 | APT33 |
|
| Details | Url | 1 | https://www.mandiant.com/resources/insights/apt- |
|
| Details | Url | 1 | https://www.hackread.com/irans-cobalt-mirage-threat-group-ransomware-attacks-us |
|
| Details | Url | 1 | https://carnegieendowment.org/files/iran_cyber_final_full_v2.pdf |
|
| Details | Url | 4 | https://attack.mitre.org/groups/g0087 |
|
| Details | Url | 1 | https://www.businessinsider.com/hacker-groups-you-should-be-worrying-about-2014-10 |
|
| Details | Url | 1 | https://www.mandiant.com/resources/blog/likely-iranian-threat-actor-conducts-politically-motivated-disruptive- |
|
| Details | Url | 1 | https://cyware.com/news/hello-charming-kitten-alleged-hbo-hacker-two-others-possibly- |
|
| Details | Url | 1 | https://arstechnica.com/information-technology/2021/07/facebook-catches-iranian-spies-catfishing-us- |
|
| Details | Url | 1 | https://foreignpolicy.com/2019/02/15/meet-charming-kitten-the-iranian-hackers-linked-to-air- |
|
| Details | Url | 1 | https://www.cisa.gov/uscert/iran |
|
| Details | Url | 3 | https://www.cisa.gov/uscert/ncas/alerts/aa22-257a |
|
| Details | Url | 1 | https://www.cisa.gov/uscert/ncas/alerts/aa22-264a |
|
| Details | Url | 1 | https://www.ironnet.com/blog/iranian-cyber- |
|
| Details | Url | 1 | https://www.healthcareitnews.com/news/cisa-issues-alert-iran-sponsored-hacker-group- |
|
| Details | Url | 1 | https://theconversation.com/how-real-is-the-threat-of-cyberwar-between-iran-and-the-us- |
|
| Details | Url | 5 | https://attack.mitre.org/groups/g0059 |
|
| Details | Url | 1 | https://www.mandiant.com/resources/blog/suspected- |
|
| Details | Url | 1 | https://healthitsecurity.com/news/cisa-iranian-government-sponsored-threat-actors-targeting- |
|
| Details | Url | 1 | https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-november- |
|
| Details | Url | 1 | https://www.crowdstrike.com/blog/who-is-refined-kitten |
|
| Details | Url | 1 | https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic- |
|
| Details | Url | 3 | https://attack.mitre.org/groups/g0069 |
|
| Details | Url | 6 | https://attack.mitre.org/groups/g0049 |
|
| Details | Url | 2 | https://www.crowdstrike.com/blog/who-is-pioneer-kitten |
|
| Details | Url | 1 | https://adversary.crowdstrike.com/en-us/adversary/remix-kitten |
|
| Details | Url | 1 | https://www.cyberscoop.com/iran-hospital-wray-fbi-boston-children |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/hackers-now-use-sock-puppets-for-more- |
|
| Details | Url | 1 | https://www.darkreading.com/attacks-breaches/iranian-threat-activity- |