Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA
Tags
cmtmf-attack-pattern:
  Command And Scripting Interpreter
  Exploit Public-Facing Application
  Scheduled Task/Job
country:
  United Arab Emirates
  Azerbaijan
  Iran
  Israel
attack-pattern:
  Data Cloud Services - T1021.007
  Command And Scripting Interpreter - T1623
  Credentials - T1589.001
  Disable Or Modify Tools - T1562.001
  Disable Or Modify Tools - T1629.003
  Dll Side-Loading - T1574.002
  Domain Accounts - T1078.002
  Domain Trust Discovery - T1482
  Domains - T1583.001
  Domains - T1584.001
  Downgrade Attack - T1562.010
  Exploit Public-Facing Application - T1377
  Exploits - T1587.004
  Exploits - T1588.005
  Financial Theft - T1657
  Impair Defenses - T1562
  Impair Defenses - T1629
  Input Capture - T1417
  Ip Addresses - T1590.005
  Local Account - T1087.001
  Local Account - T1136.001
  Local Accounts - T1078.003
  Malware - T1587.001
  Malware - T1588.001
  Powershell - T1059.001
  Protocol Tunneling - T1572
  Remote Access Software - T1663
  Scheduled Task - T1053.005
  Scheduled Task/Job - T1603
  Search Open Technical Databases - T1596
  Server - T1583.004
  Server - T1584.004
  Server Software Component - T1505
  Social Media - T1593.001
  Software - T1592.002
  Web Shell - T1505.003
  Windows Service - T1543.003
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Account Manipulation - T1098
  Command-Line Interface - T1059
  Create Account - T1136
  Dll Side-Loading - T1073
  Exploit Public-Facing Application - T1190
  External Remote Services - T1133
  Input Capture - T1056
  Powershell - T1086
  Query Registry - T1012
  Remote Access Tools - T1219
  Scheduled Task - T1053
  Scripting - T1064
  Valid Accounts - T1078
  Web Shell - T1100
  Exploit Public-Facing Application
  External Remote Services
  Scripting
  Valid Accounts
Common Information
Type Value
UUID 471d7e1f-d53f-4474-9d4b-9e35e9545f19
Fingerprint d4918897b301f761
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 28, 2024, noon
Added to db Oct. 1, 2024, 1:08 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
Title Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA
Detected Hints/Tags/Attributes 159/3/62
Attributes
Type                          #Events  Value
CVE                                20  cve-2024-24919
CVE                                38  cve-2024-3400
CVE                               161  cve-2019-19781
CVE                               152  cve-2023-3519
CVE                                70  cve-2022-1388
CVE                                55  cve-2024-21887
Domain                             13  files.catbox.moe
Domain                             30  ngrok.io
Domain                            134  shodan.io
Domain                              4  api.gupdate.net
Domain                              4  githubapp.net
Domain                              4  login.forticloud.online
Domain                              4  cloud.sophos.one
Domain                             57  crowdstrike.com
Domain                            152  cisa.gov
Email                              37  report@cisa.gov
File                                3  netscaler.php
File                                3  ctxheaderlogon.php
File                                1  ui_style.php
File                                1  sanpdebug.php
File                                2  contig.exe
File                               89  version.dll
File                                1  c:\windows\system32\drivers\test.sys
sha256                              1  ea2ec0c3859d8d8c36d95a298beef6d7add17856655bfbea2554b8714f7c7c69
sha256                              1  b761680e23f2ebb5f6887d315ebd05b2d7c365731e093b49adb059c3dccaa30c
sha256                              1  185ada4556737a4f26ae16f1a99ca82ab5684c32719ee426c420c0bc14384a0a
sha256                              1  3488458145eb62d7d3947e3811234f4663d9b5aeef6584ab08a2099a7f946664
sha256                              1  0a6f992e1372db4f245595424a7436ebb610775d6addc4d568acc2af5d315221
sha256                              1  14f8ad7d1553d1a47cf4c9e7bedabcc5b759c86e54c636175a472c11d7dec70f
sha256                              1  2c76104c9aaaf32453a814c227e7d9d755451b551a3fd30d2ea332df396b3a31
IPv4                                3  138.68.90.19
IPv4                                3  167.99.202.130
IPv4                                3  78.141.238.182
IPv4                                3  51.16.51.81
IPv4                                3  51.20.138.134
IPv4                                3  134.209.30.220
IPv4                                3  13.53.124.246
IPv4                                3  18.134.0.66
IPv4                                3  193.149.190.248
IPv4                                3  45.76.65.42
IPv4                                3  206.71.148.78
IPv4                                3  193.149.187.41
Mandiant Uncategorized Groups      27  UNC757
MITRE ATT&CK Techniques             8  T1596 (Search Open Technical Databases)
MITRE ATT&CK Techniques           542  T1190 (Exploit Public-Facing Application)
MITRE ATT&CK Techniques           104  T1505.003 (Web Shell)
MITRE ATT&CK Techniques           152  T1056 (Input Capture)
MITRE ATT&CK Techniques           191  T1133 (External Remote Services)
MITRE ATT&CK Techniques            51  T1136.001 (Create Account: Local Account)
MITRE ATT&CK Techniques           112  T1098 (Account Manipulation)
MITRE ATT&CK Techniques           480  T1053 (Scheduled Task/Job)
MITRE ATT&CK Techniques           141  T1219 (Remote Access Software)
MITRE ATT&CK Techniques            67  T1505 (Server Software Component)
MITRE ATT&CK Techniques            43  T1078.003 (Valid Accounts: Local Accounts)
MITRE ATT&CK Techniques            71  T1078.002 (Valid Accounts: Domain Accounts)
MITRE ATT&CK Techniques           298  T1562.001 (Disable or Modify Tools)
MITRE ATT&CK Techniques             4  T1562.010 (Downgrade Attack)
MITRE ATT&CK Techniques           460  T1059.001 (PowerShell)
MITRE ATT&CK Techniques           501  T1012 (Query Registry)
MITRE ATT&CK Techniques           124  T1482 (Domain Trust Discovery)
MITRE ATT&CK Techniques            95  T1572 (Protocol Tunneling)
MITRE ATT&CK Techniques            16  T1657 (Financial Theft)
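The attribute table is only useful once it is swept against telemetry, so the following is an added example (not code from this page, from CISA, or from the indexing site) that matches log lines against the indicators above. It treats IPs, sha256 hashes and the four vendor-lookalike domains (api.gupdate.net, githubapp.net, login.forticloud.online, cloud.sophos.one) as high-confidence; that those four are actor-controlled is an assumption to confirm against the advisory. The other extracted domains (cisa.gov, crowdstrike.com, shodan.io, ngrok.io, files.catbox.moe) are the advisory's own references or shared services and are deliberately left out, since alerting on them would fire on benign traffic. File names are reported at low confidence because version.dll is also the name of a legitimate Windows DLL. The sample log lines are constructed for the example.

```python
"""Sweep log lines for the indicators listed on this page.

Added example; not code from the page, from CISA, or from the indexing site.
The domain subset, the confidence labels and SAMPLE_LOGS are assumptions.
"""
import re
from dataclasses import dataclass

# Copied from the attribute table; an exact hit is worth an alert.
IOC_IPS = {
    "138.68.90.19", "167.99.202.130", "78.141.238.182", "51.16.51.81",
    "51.20.138.134", "134.209.30.220", "13.53.124.246", "18.134.0.66",
    "193.149.190.248", "45.76.65.42", "206.71.148.78", "193.149.187.41",
}
# Assumed actor-controlled (confirm against the advisory). cisa.gov,
# crowdstrike.com, shodan.io, ngrok.io and files.catbox.moe are omitted on
# purpose: they are references or shared services, not infrastructure to alert on.
IOC_DOMAINS = {"api.gupdate.net", "githubapp.net", "login.forticloud.online", "cloud.sophos.one"}
IOC_SHA256 = {
    "ea2ec0c3859d8d8c36d95a298beef6d7add17856655bfbea2554b8714f7c7c69",
    "b761680e23f2ebb5f6887d315ebd05b2d7c365731e093b49adb059c3dccaa30c",
    "185ada4556737a4f26ae16f1a99ca82ab5684c32719ee426c420c0bc14384a0a",
    "3488458145eb62d7d3947e3811234f4663d9b5aeef6584ab08a2099a7f946664",
    "0a6f992e1372db4f245595424a7436ebb610775d6addc4d568acc2af5d315221",
    "14f8ad7d1553d1a47cf4c9e7bedabcc5b759c86e54c636175a472c11d7dec70f",
    "2c76104c9aaaf32453a814c227e7d9d755451b551a3fd30d2ea332df396b3a31",
}
# A bare file name is weak evidence (version.dll is a legitimate Windows DLL
# name), so these are reported as low confidence and need path or hash context.
IOC_FILENAMES = {
    "netscaler.php", "ctxheaderlogon.php", "ui_style.php", "sanpdebug.php",
    "contig.exe", "version.dll", "test.sys",
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)
FILE_RE = re.compile(r"[\w.-]+\.(?:php|dll|exe|sys)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    kind: str        # ipv4 | domain | sha256 | filename
    indicator: str   # the matched IOC, lower-cased
    confidence: str  # high | low


def matched_domain(host):
    """Return the IOC domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for dom in IOC_DOMAINS:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def scan_line(line):
    """Return the de-duplicated Hit list for one log line (ips, domains, hashes, files)."""
    hits = []

    def add(kind, indicator, confidence):
        hit = Hit(kind, indicator, confidence)
        if hit not in hits:
            hits.append(hit)

    for ip in IP_RE.findall(line):
        if ip in IOC_IPS:
            add("ipv4", ip, "high")
    for host in HOST_RE.findall(line):
        dom = matched_domain(host)
        if dom:
            add("domain", dom, "high")
    for digest in SHA256_RE.findall(line):
        if digest.lower() in IOC_SHA256:
            add("sha256", digest.lower(), "high")
    for name in FILE_RE.findall(line):
        if name.lower() in IOC_FILENAMES:
            add("filename", name.lower(), "low")
    return hits


def sweep(lines):
    """Map line index -> hits for every line that matched at least one indicator."""
    report = {}
    for i, line in enumerate(lines):
        hits = scan_line(line)
        if hits:
            report[i] = hits
    return report


# Constructed log lines for the example; not real telemetry.
SAMPLE_LOGS = [
    "2024-08-28T10:01:02Z fw deny src=138.68.90.19 dst=10.0.0.5 dport=443",
    "2024-08-28T10:01:05Z dns query=update.api.gupdate.net type=A client=10.0.0.5",
    "2024-08-28T10:02:10Z sysmon ImageLoad Image=C:\\App\\app.exe ImageLoaded=C:\\App\\version.dll",
    "2024-08-28T10:02:11Z edr FileCreate Path=C:\\Windows\\System32\\drivers\\test.sys "
    "SHA256=EA2EC0C3859D8D8C36D95A298BEEF6D7ADD17856655BFBEA2554B8714F7C7C69",
    "2024-08-28T10:03:00Z proxy GET https://www.shodan.io/search?query=netscaler user=analyst",
    "2024-08-28T10:04:00Z web 10.0.0.7 GET /vpns/portal/scripts/netscaler.php 200",
]

if __name__ == "__main__":
    for i, hits in sweep(SAMPLE_LOGS).items():
        for h in hits:
            print(f"line {i}: {h.confidence:4} {h.kind:8} {h.indicator}")
```

Two design points matter in practice: domain matching is by suffix with a leading dot, so update.api.gupdate.net fires on api.gupdate.net while notgithubapp.net does not; and hashes are lower-cased before lookup, so an EDR that logs digests in upper case still matches. Filename hits should be joined to the line's path or hash before anyone is paged, and the shodan.io line produces nothing by design.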