Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA
Iranian government-sponsored APT actors are exploiting known Fortinet and Microsoft Exchange vulnerabilities to gain initial access to a broad range of targeted entities in furtherance of malicious activities, including ransom operations. The authoring agencies now judge these actors are an APT group affiliated with the IRGC.
Indicators of Compromise (63)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| CVE | CVE-2018-13379 | — | 2022-09-15 | |
| CVE | CVE-2019-5591 | — | 2022-09-15 | |
| CVE | CVE-2020-12812 | — | 2022-09-15 | |
| CVE | CVE-2021-31196 | — | 2022-09-15 | |
| CVE | CVE-2021-31206 | — | 2022-09-15 | |
| CVE | CVE-2021-31207 | — | 2022-09-15 | |
| CVE | CVE-2021-33766 | — | 2022-09-15 | |
| CVE | CVE-2021-33768 | — | 2022-09-15 | |
| CVE | CVE-2021-34470 | — | 2022-09-15 | |
| CVE | CVE-2021-34473 | — | 2022-09-15 | |
| CVE | CVE-2021-34523 | — | 2022-09-15 | |
| CVE | CVE-2021-44228 | — | 2022-09-15 | |
| CVE | CVE-2021-45046 | — | 2022-09-15 | |
| CVE | CVE-2021-45105 | — | 2022-09-15 | |