TLP:WHITE | 19 IOCs
AA24-241A Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
Diamond Model: Adversary | Infrastructure (6) | Capability | Victim

5W+H Threat Analysis: analysis unavailable
Indicators of Compromise (19)
| Type | Indicator | Tags | Confidence | Score | First Seen |
|---|---|---|---|---|---|
| IP | 45.76.65.42 | network, victim-context | High | 68 | Jun 2, 26 |
| Domain | fortigate.forticloud.online | indicator, network | High | 68 | Jun 2, 26 |
| Domain | api.gupdate.net | indicator, network | High | 68 | Jun 2, 26 |
| IP | 206.71.148.78 | indicator, network | High | 68 | Jun 2, 26 |
| IP | 193.149.190.248 | network, victim-context | High | 68 | Jun 2, 26 |
| CVE | CVE-2023-3519 | exploit, vulnerability | High | 68 | Jun 2, 26 |
| CVE | CVE-2019-19781 | exploit, vulnerability | High | 68 | Jun 2, 26 |
| Domain | cloud.sophos.one | indicator, network | High | 68 | Jun 2, 26 |
| Domain | ngrok.io | network, victim-context | High | 68 | Jun 2, 26 |
| Domain | files.catbox.moe | network, victim-context | High | 68 | Jun 2, 26 |
| IP | 167.99.202.130 | indicator, network | High | 68 | Jun 2, 26 |
| IP | 134.209.30.220 | indicator, network | High | 68 | Jun 2, 26 |
| IP | 138.68.90.19 | indicator, network | High | 68 | Jun 2, 26 |
| IP | 78.141.238.182 | indicator, network | High | 68 | Jun 2, 26 |
| CVE | CVE-2022-1388 | exploit, vulnerability | High | 68 | Jun 2, 26 |
| CVE | CVE-2024-24919 | exploit, vulnerability | High | 68 | Jun 2, 26 |
| IP | 193.149.187.41 | indicator, network | High | 68 | Jun 2, 26 |
| Domain | login.forticloud.online | indicator, network | High | 68 | Jun 2, 26 |
| CVE | CVE-2024-3400 | exploit, vulnerability | High | 68 | Jun 2, 26 |
IOC Relationship Graph (19 total IOCs; node types: IP, Domain, CVE)