otx.alienvault.com
143.204.98.54  Public Scan

URL: https://otx.alienvault.com/pulse/6196157e4a0bcbe025404199?source=email_notification
Submission: On November 18 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Subscribers (165234)

IRANIAN GOVERNMENT-SPONSORED APT CYBER ACTORS EXPLOITING MICROSOFT EXCHANGE AND
FORTINET VULNERABILITIES IN FURTHERANCE OF MALICIOUS ACTIVITIES

   
 * Created 29 minutes ago by AlienVault
 * Public
 * TLP: White

The FBI, CISA, Australia and the UK have issued a joint cybersecurity advisory
to highlight malicious cyber activity by an Iranian government-sponsored group
that is likely to exploit vulnerabilities in Microsoft Exchange and Fortinet.

Reference: https://us-cert.cisa.gov/ncas/alerts/aa21-321a
Tags: cisa, fortinet, cve201813379, cve202012812, cve20195591, mimikatz, microsoft exchange
Industries: Transportation, Healthcare, Critical Infrastructure, Government
Targeted Countries: United Kingdom of Great Britain and Northern Ireland, New Zealand, Canada, Australia, United States of America
Att&ck IDs:
 * T1588.001 - Malware
 * T1588.002 - Tool
 * T1190 - Exploit Public-Facing Application
 * T1053.005 - Scheduled Task
 * T1136.001 - Local Account
 * T1136.002 - Domain Account
 * T1560.001 - Archive via Utility
 * T1486 - Data Encrypted for Impact

 * Indicators of Compromise (30)
 * Related Pulses (7)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS

email (4), IPv4 (3), CVE (4), FileHash-SHA256 (6), FileHash-MD5 (7), FileHash-SHA1 (6)

THREAT INFRASTRUCTURE

United States (1), Ukraine (1), Germany (1)




 * © Copyright 2021 AlienVault, Inc.
   