Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA
Tags
cmtmf-attack-pattern: Acquire Infrastructure Application Layer Protocol Boot Or Logon Autostart Execution Command And Scripting Interpreter Masquerading Obfuscated Files Or Information Obtain Capabilities Scheduled Task/Job System Network Connections Discovery
country: Australia Canada Iran New Zealand United Kingdom United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Data Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Acquire Infrastructure - T1583 Software Discovery - T1418 Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Archive Via Utility - T1560.001 Bidirectional Communication - T1102.002 Bidirectional Communication - T1481.002 Boot Or Logon Autostart Execution - T1547 Bypass User Account Control - T1548.002 Cached Domain Credentials - T1003.005 Cmstp - T1218.003 Command And Scripting Interpreter - T1623 Compile After Delivery - T1027.004 Compile After Delivery - T1500 Component Object Model - T1559.001 Credentials - T1589.001 Credentials From Password Stores - T1555 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Credentials In Files - T1552.001 Disable Or Modify Tools - T1562.001 Disable Or Modify Tools - T1629.003 Dll Side-Loading - T1574.002 Domain Account - T1087.002 Domain Account - T1136.002 Dynamic Data Exchange - T1559.002 Email Addresses - T1589.002 Execution Guardrails - T1480 Execution Guardrails - T1627 Exfiltration Over C2 Channel - T1646 Exploitation For Client Execution - T1658 Exploits - T1587.004 Exploits - T1588.005 External Proxy - T1090.002 File And Directory Discovery - T1420 Firmware - T1592.003 Gather Victim Identity Information - T1589 Impair Defenses - T1562 Impair Defenses - T1629 Ingress Tool Transfer - T1544 Inter-Process Communication - T1559 Ip Addresses - T1590.005 Javascript - T1059.007 Junk Data - T1001.001 System Network Configuration Discovery - T1422 System Network Connections Discovery - T1421 Lsa Secrets - T1003.004 Lsass Memory - T1003.001 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Match Legitimate Name Or Location - T1655.001 Obfuscated Files Or Information - T1406 Process Discovery - T1424 System Information 
Discovery - T1426 Mshta - T1218.005 Multi-Factor Authentication - T1556.006 Non-Standard Encoding - T1132.002 Obtain Capabilities - T1588 Office Template Macros - T1137.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Protocol Tunneling - T1572 Python - T1059.006 Registry Run Keys / Startup Folder - T1547.001 Regsvr32 - T1218.010 Remote Access Software - T1663 Rundll32 - T1218.011 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Screen Capture - T1513 Security Software Discovery - T1418.001 Security Software Discovery - T1518.001 Social Media - T1593.001 Software - T1592.002 Software Discovery - T1518 Spearphishing Attachment - T1566.001 Spearphishing Attachment - T1598.002 Spearphishing Link - T1566.002 Spearphishing Link - T1598.003 Standard Encoding - T1132.001 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Windows Command Shell - T1059.003 Visual Basic - T1059.005 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Service - T1481 Unsecured Credentials - T1552 Web Services - T1583.006 Web Services - T1584.006 Tool - T1588.002 Vulnerabilities - T1588.006 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Bypass User Account Control - T1088 Cmstp - T1191 Command-Line Interface - T1059 Connection Proxy - T1090 Credential Dumping - T1003 Credentials In Files - T1081 Data Encoding - T1132 Data From Local System - T1005 Deobfuscate/Decode Files Or Information - T1140 Dll Side-Loading - T1073 Dynamic Data Exchange - T1173 Exfiltration Over Command And Control Channel - T1041 Exploitation For Client Execution - T1203 File And Directory Discovery - T1083 Remote File Copy - T1105 Masquerading - T1036 Mshta - T1170 Multi-Stage Channels - T1104 Obfuscated Files Or Information - T1027 Office Application Startup - T1137 Powershell - T1086 Process Discovery - T1057 Registry Run Keys / Start Folder - T1060 Regsvr32 - T1117 Remote Access Tools - T1219 Rundll32 - T1085 Scheduled Task - T1053 Screen Capture - 
T1113 Security Software Discovery - T1063 Signed Binary Proxy Execution - T1218 Spearphishing Attachment - T1193 Spearphishing Link - T1192 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Network Connections Discovery - T1049 System Owner/User Discovery - T1033 Windows Management Instrumentation - T1047 Web Service - T1102 User Execution - T1204 Masquerading Screen Capture Spearphishing Attachment User Execution
Common Information
UUID: 33ff6ebc-a05b-4221-8a9f-c0e004b702e2
Fingerprint: b44508f08175a1cb
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Feb. 24, 2022, midnight
Added to db: Sept. 11, 2022, 12:31 p.m.
Last updated: Nov. 17, 2024, 10:40 p.m.
Headline: Alert (AA22-055A)
Title: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks | CISA
Detected Hints/Tags/Attributes: 273/4/123
Attributes
Type                                  #Events  Value
CVE                                   217      cve-2020-1472
CVE                                   71       cve-2020-0688
CVE                                   269      cve-2017-0199
Domain                                41       stopransomware.gov
Domain                                1        gram.app
Domain                                128      www.fbi.gov
Domain                                56       fbi.gov
Domain                                55       cisa.dhs.gov
Domain                                29       nsa.gov
Domain                                53       ncsc.gov.uk
Email                                 29       cywatch@fbi.gov
Email                                 22       cisaservicedesk@cisa.dhs.gov
Email                                 14       cybersecurity_requests@nsa.gov
File                                  28       goopdate.dll
File                                  105      googleupdate.exe
File                                  3        goopdate.dat
File                                  35       config.txt
File                                  4        gram_app.exe
File                                  6        index.exe
File                                  3        terms.xls
File                                  3        fml.dll
File                                  459      regsvr32.exe
File                                  66       normal.dot
File                                  2        temp.jpg
File                                  59       csc.exe
File                                  47       cmstp.exe
File                                  456      mshta.exe
File                                  1018     rundll32.exe
File                                  26       procdump64.exe
File                                  2126     cmd.exe
File                                  18       makecab.exe
File                                  26       app.exe
File                                  3        %localappdata%\microsoftwindowsoutlookdataplus.txt
File                                  3        microsoftwindowsoutlookdataplus.txt
File                                  3        %appdata%\outlookmicrosift\index.exe
Mandiant Temporary Group Assumption   29       TEMP.ZAGROS
Mandiant Temporary Group Assumption   2        TEMP.JPG
MITRE ATT&CK Techniques               310      T1566.001
MITRE ATT&CK Techniques               365      T1204.002
MITRE ATT&CK Techniques               227      T1574.002
MITRE ATT&CK Techniques               460      T1059.001
MITRE ATT&CK Techniques               627      T1027
MITRE ATT&CK Techniques               59       T1059.006
MITRE ATT&CK Techniques               380      T1547.001
MITRE ATT&CK Techniques               183      T1036.005
MITRE ATT&CK Techniques               442      T1071.001
MITRE ATT&CK Techniques               40       T1132.002
MITRE ATT&CK Techniques               534      T1005
MITRE ATT&CK Techniques               422      T1041
MITRE ATT&CK Techniques               95       T1572
MITRE ATT&CK Techniques               8        T1001.001
MITRE ATT&CK Techniques               22       T1589.002
MITRE ATT&CK Techniques               21       T1583.006
MITRE ATT&CK Techniques               59       T1588.002
MITRE ATT&CK Techniques               183      T1566.002
MITRE ATT&CK Techniques               310      T1047
MITRE ATT&CK Techniques               137      T1059.005
MITRE ATT&CK Techniques               93       T1059.007
MITRE ATT&CK Techniques               245      T1203
MITRE ATT&CK Techniques               106      T1204.001
MITRE ATT&CK Techniques               31       T1559.001
MITRE ATT&CK Techniques               10       T1559.002
MITRE ATT&CK Techniques               275      T1053.005
MITRE ATT&CK Techniques               10       T1137.001
MITRE ATT&CK Techniques               86       T1548.002
MITRE ATT&CK Techniques               172      T1555
MITRE ATT&CK Techniques               26       T1027.003
MITRE ATT&CK Techniques               19       T1027.004
MITRE ATT&CK Techniques               59       T1218.005
MITRE ATT&CK Techniques               119      T1218.011
MITRE ATT&CK Techniques               48       T1480
MITRE ATT&CK Techniques               298      T1562.001
MITRE ATT&CK Techniques               173      T1003.001
MITRE ATT&CK Techniques               14       T1003.005
MITRE ATT&CK Techniques               245      T1016
MITRE ATT&CK Techniques               230      T1033
MITRE ATT&CK Techniques               119      T1049
MITRE ATT&CK Techniques               433      T1057
MITRE ATT&CK Techniques               585      T1083
MITRE ATT&CK Techniques               99       T1087.002
MITRE ATT&CK Techniques               185      T1518
MITRE ATT&CK Techniques               141      T1518.001
MITRE ATT&CK Techniques               219      T1113
MITRE ATT&CK Techniques               116      T1560.001
MITRE ATT&CK Techniques               36       T1090.002
MITRE ATT&CK Techniques               33       T1102.002
MITRE ATT&CK Techniques               25       T1104
MITRE ATT&CK Techniques               492      T1105
MITRE ATT&CK Techniques               99       T1132.001
MITRE ATT&CK Techniques               141      T1219
Windows Registry Key                  1        HKLM\Software\NFC\IPA
Windows Registry Key                  1        HKLM\Software\NFC
Windows Registry Key                  3        HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OutlookMicrosift