PT-2025-18918
Published 2025-05-02 · Updated 2025-05-02 · CVE-2023-3895229
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
#ParsedReport #CompletenessHigh
01-05-2025
Investigating Iranian Intrusion into Strategic Middle East Critical Infrastructure
Report completeness: High
Actors/Campaigns:
Fox kitten
Bohrium
Unc1878
Threats:
Havoc
Hanifnet
Hxlibrary
Neoexpressrat
Plink tool
Ngrok tool
Meshcentral tool
Systembc
Credential harvesting technique
Remoteinjector tool
Credinterceptor tool
Psexec tool
Reversesocks5 tool
Darkloadlibrary
Recshell
Dropshell
Mimikatz tool
Netstat tool
Shadow copies delete technique
Vssadmin tool
Nanodump tool
Credential dumping technique
Netcat tool
Angry ip scanner tool
Lolbin technique
Discordgo
Redline stealer
Cobra
Anydesk tool
Netpass tool
Process injection technique
Advanced-port-scanner tool
Putty tool
W64/injector.d!6btr
W32/agent.d49str!tr
W64/injector.d!bttr
Powershell shell tool
Netscan tool
Winpeas tool
W64/agent.06d9!tr
W64/agent.2ebc!tr
W64/agent.0b8d!tr
Hacc2 tool
Victims:
Cni network
Industry:
Critical infrastructure, Government, Transport, Religion, Financial, Energy, Healthcare, Telco
Geo:
Palestine, Lebanon, Syria, Iran, German, Israel, Canadian, Middle east, Iranian, Africa
CVEs:
CVE-2023-38950 [Vulners]
CVSS V3.1: 7.5
Vulners: Exploitation: Unknown
X-Force: Risk: Unknown
X-Force: Patch: Unknown
Soft:
- zkteco biotime (8.5.5)
CVE-2023-38951 [Vulners]
CVSS V3.1: 9.8
Vulners: Exploitation: Unknown
X-Force: Risk: Unknown
X-Force: Patch: Unknown
Soft:
- zkteco biotime (8.5.5)
CVE-2023-3895138 [Vulners]
CVSS V3.1: Unknown
Vulners: Exploitation: Unknown
X-Force: Risk: Unknown
X-Force: Patch: Unknown
CVE-2023-3895229 [Vulners]
CVSS V3.1: Unknown
Vulners: Exploitation: Unknown
X-Force: Risk: Unknown
X-Force: Patch: Unknown
CVE-2023-3895037 [Vulners]
CVSS V3.1: Unknown
Vulners: Exploitation: Unknown
X-Force: Risk: Unknown
X-Force: Patch: Unknown
CVE-2023-38952 [Vulners]
CVSS V3.1: 7.5
Vulners: Exploitation: Unknown
X-Force: Risk: Unknown
X-Force: Patch: Unknown
Soft:
- zkteco biotime (8.5.5)
TTPs:
Tactics: 6
Technics: 18
IOCs:
File: 126
Path: 124
Coin: 1
Domain: 20
Url: 24
IP: 33
Command: 6
Hash: 16
Soft:
Microsoft Exchange server, PsExec, Microsoft Exchange, Active Directory, NET Framework, Tight VNC, Discord, SoftEther, icrosoft Exchange se, Local Security Authority, have more...
Algorithms:
base64, sha1, sha256, aes, xor, md5, zip
Functions:
GetPathSeparator, GetDrives, GetWebRoot, GetBasicServerInfo, FindWhat, GetBasicServerApplicationInfo, HXX0012, HXX0013, HXX0014, HXX0018, have more...
Languages:
powershell, golang, javascript
Platforms:
x86, x64