Iranian APT Hackers Attacking Education & Tech Sectors to Steal Sensitive Data
Tags
| attack-pattern: | Data Password Spraying - T1110.003 Social Media - T1593.001 Tool - T1588.002 Brute Force - T1110 |
Common Information
| Type | Value |
|---|---|
| UUID | f8c0719a-37cc-45a0-8fa8-65d7606d1a2e |
| Fingerprint | ef89055118c5ed46 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 8, 2023, 5:42 a.m. |
| Added to db | Nov. 8, 2023, 7:33 a.m. |
| Last updated | Oct. 1, 2024, 2:49 p.m. |
| Headline | Iranian APT Hackers Attacking Education & Tech Sectors to Steal Sensitive Data |
| Title | Iranian APT Hackers Attacking Education & Tech Sectors to Steal Sensitive Data |
| Detected Hints/Tags/Attributes | 45/1/35 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 125 | ✔ | GBHackers Security | #1 Globally Trusted Cyber Security News Platform | https://gbhackers.com/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 4 | systems.exe |
|
| Details | File | 2 | net4.exe |
|
| Details | File | 11 | pscp.exe |
|
| Details | File | 2 | agmt.exe |
|
| Details | File | 2 | agmt.sys |
|
| Details | File | 2 | drvix.exe |
|
| Details | sha256 | 2 | 1ea4d26a31dad637d697f9fb70b6ed4d75a13d101e02e02bc00200b42353985c |
|
| Details | sha256 | 2 | 62e36675ed7267536bd980c07570829fe61136e53de3336eebadeca56ab060c2 |
|
| Details | sha256 | 2 | abfde7c29a4a703daa2b8ad2637819147de3a890fdd12da8279de51a3cc0d96d |
|
| Details | sha256 | 3 | 63d51bc3e5cf4068ff04bd3d665c101a003f1d6f52de7366f5a2d9ef5cc041a7 |
|
| Details | sha256 | 2 | 49c3df62c4b62ce8960558daea4a8cf41b11c8f445e218cd257970cf939a3c25 |
|
| Details | sha256 | 2 | dacdb4976fd75ab2fd7bb22f1b2f9d986f5d92c29555ce2b165c020e2816a200 |
|
| Details | sha256 | 3 | e43d66b7a4fa09a0714c573fbe4996770d9d85e31912480e73344124017098f9 |
|
| Details | sha256 | 2 | 2a6e3b6e42be2f55f7ab9db9d5790b0cc3f52bee9a1272fc4d79c7c0a3b6abda |
|
| Details | sha256 | 4 | 5d1660a53aaf824739d82f703ed580004980d377bdc2834f1041d512e4305d07 |
|
| Details | sha256 | 4 | f4c8369e4de1f12cc5a71eb5586b38fc78a9d8db2b189b8c25ef17a572d4d6b7 |
|
| Details | sha256 | 2 | 13d8d4f4fa483111e4372a6925d24e28f3be082a2ea8f44304384982bd692ec9 |
|
| Details | sha256 | 2 | a8e63550b56178ae5198c9cc5b704a8be4c8505fea887792b6d911e488592a7c |
|
| Details | sha256 | 2 | a112e78e4f8b99b1ceddae44f34692be20ef971944b98e2def995c87d5ae89ee |
|
| Details | sha256 | 2 | 38e406b17715b1b52ed8d8e4defdb5b79a4ddea9a3381a9f2276b00449ec8835 |
|
| Details | sha256 | 2 | f65880ef9fec17da4142850e5e7d40ebfc58671f5d66395809977dd5027a6a3e |
|
| Details | sha256 | 2 | ec7dc5bfadce28b8a8944fb267642c6f713e5b19a9983d7c6f011ebe0f663097 |
|
| Details | sha256 | 2 | c52525cd7d05bddb3ee17eb1ad6b5d6670254252b28b18a1451f604dfff932a4 |
|
| Details | sha256 | 2 | 8967c83411cd96b514252df092d8d3eda3f7f2c01b3eef1394901e27465ff981 |
|
| Details | sha256 | 2 | a2d8704b5073cdc059e746d2016afbaecf8546daad3dbfe4833cd3d41ab63898 |
|
| Details | sha256 | 3 | 18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7 |
|
| Details | sha256 | 2 | 2fb88793f8571209c2fcf1be528ca1d59e7ac62e81e73ebb5a0d77b9d5a09cb8 |
|
| Details | sha256 | 2 | 9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5 |
|
| Details | IPv4 | 3 | 185.105.46.34 |
|
| Details | IPv4 | 3 | 185.105.46.19 |
|
| Details | IPv4 | 3 | 93.188.207.110 |
|
| Details | IPv4 | 3 | 109.237.107.212 |
|
| Details | IPv4 | 3 | 217.29.62.166 |
|
| Details | IPv4 | 3 | 81.177.22.182 |
|
| Details | Deprecated Microsoft Threat Actor Naming Taxonomy (Groups in development) | 9 | DEV-0022 |