Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations | CISA
Iranian government-sponsored APT actors are exploiting known Fortinet and Microsoft Exchange vulnerabilities to gain initial access to a broad range of targeted entities in furtherance of malicious activities, including ransom operations. The authoring agencies now judge these actors are an APT group affiliated with the IRGC.
Indicators of Compromise (14 / 63 total)