Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations | CISA
Tags
cmtmf-attack-pattern: Application Layer Protocol; Command And Scripting Interpreter; Modify Authentication Process; Obtain Capabilities
maec-delivery-vectors: Watering Hole
attack-pattern: Data Application Layer Protocol - T1437; Cloud Accounts - T1078.004; Cloud Accounts - T1585.003; Cloud Accounts - T1586.003; Cloud Groups - T1069.003; Command And Scripting Interpreter - T1623; Credentials - T1589.001; Credentials From Password Stores - T1555; Data From Local System - T1533; Device Registration - T1098.005; Domain Account - T1087.002; Domain Account - T1136.002; Domain Groups - T1069.002; Domain Or Tenant Policy Modification - T1484; Domain Trust Discovery - T1482; Domains - T1583.001; Domains - T1584.001; Email Account - T1087.003; Email Accounts - T1585.002; Email Accounts - T1586.002; Exploitation For Privilege Escalation - T1404; Gather Victim Identity Information - T1589; Impersonation - T1656; Ingress Tool Transfer - T1544; Ip Addresses - T1590.005; Kerberoasting - T1558.003; System Information Discovery - T1426; Modify Authentication Process - T1556; Multi-Factor Authentication - T1556.006; Multi-Factor Authentication Request Generation - T1621; Ntds - T1003.003; Obtain Capabilities - T1588; Password Spraying - T1110.003; Phishing - T1660; Phishing - T1566; Powershell - T1059.001; Protocol Tunneling - T1572; Remote Desktop Protocol - T1021.001; Software - T1592.002; Steal Or Forge Kerberos Tickets - T1558; Web Protocols - T1071.001; Web Protocols - T1437.001; Trust Modification - T1484.002; Tool - T1588.002; Account Discovery - T1087; Account Manipulation - T1098; Standard Application Layer Protocol - T1071; Brute Force - T1110; Command-Line Interface - T1059; Credential Dumping - T1003; Data From Local System - T1005; Exploitation For Privilege Escalation - T1068; External Remote Services - T1133; Indirect Command Execution - T1202; Remote File Copy - T1105; Kerberoasting - T1208; Permission Groups Discovery - T1069; Powershell - T1086; Remote Desktop Protocol - T1076; Remote Services - T1021; Remote System Discovery - T1018; System Information Discovery - T1082; Valid Accounts - T1078; External Remote Services; Remote System Discovery; Valid Accounts
Common Information
Type Value
UUID cb2e6ec1-1f14-455a-b5db-eb4374bc9693
Fingerprint ecb148990b41f761
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 16, 2024, noon
Added to db Oct. 21, 2024, 11:55 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
Title Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations | CISA
Detected Hints/Tags/Attributes 143/3/108
Attributes
Type #Events CTI Value
CVE 217 cve-2020-1472
Domain 1 ca.properties
Domain 152 cisa.gov
Domain 29 nsa.gov
Email 37 report@cisa.gov
Email 7 cybersecurityreports@nsa.gov
File 74 mstsc.exe
File 6 domainpasswordspray.ps1
File 128 msedge.exe
sha1 3 1f96d15b26416b2c7043ee7172357af3afbb002a
sha1 3 3d3cdf7cfc881678febcafb26ae423fe5aa4efec
MITRE ATT&CK Techniques 34 T1589
MITRE ATT&CK Techniques 125 T1110
MITRE ATT&CK Techniques 306 T1078
MITRE ATT&CK Techniques 49 T1110.003
MITRE ATT&CK Techniques 34 T1078.004
MITRE ATT&CK Techniques 191 T1133
MITRE ATT&CK Techniques 14 T1621
MITRE ATT&CK Techniques 6 T1556.006
MITRE ATT&CK Techniques 11 T1098.005
MITRE ATT&CK Techniques 13 T1484.002
MITRE ATT&CK Techniques 33 T1556
MITRE ATT&CK Techniques 95 T1572
MITRE ATT&CK Techniques 160 T1021.001
MITRE ATT&CK Techniques 60 T1202
MITRE ATT&CK Techniques 36 T1558.003
MITRE ATT&CK Techniques 492 T1105
MITRE ATT&CK Techniques 59 T1588.002
MITRE ATT&CK Techniques 172 T1555
MITRE ATT&CK Techniques 208 T1068
MITRE ATT&CK Techniques 243 T1018
MITRE ATT&CK Techniques 124 T1482
MITRE ATT&CK Techniques 99 T1087.002
MITRE ATT&CK Techniques 74 T1069.002
MITRE ATT&CK Techniques 2 T1069.003
MITRE ATT&CK Techniques 460 T1059.001
MITRE ATT&CK Techniques 1006 T1082
MITRE ATT&CK Techniques 442 T1071.001
MITRE ATT&CK Techniques 534 T1005