Budworm
Essential information
- Confidence
- 100/100
- Published
- 20/12/2025 22:22
- Modified
- 20/12/2025 22:22
- Updated at
- 20/12/2025 22:22
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 8 attack patterns (mitre), 1 malware, 2 sectors, 1 countries, 39 indicators, 2 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Attack patterns (MITRE) (8)
-
T1083 usesFile and Directory Discovery MITRE
-
T1190 usesExploit Public-Facing Application MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1036 usesMasquerading MITRE
-
T1574 usesHijack Execution Flow MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1003 usesOS Credential Dumping MITRE
-
T1574.002 uses
Malware (1)
-
HyperBro usesFamily The MITRE Corporation Confidence 100
[HyperBro](https://attack.mitre.org/software/S0398) is a custom in-memory backdoor used by [Threat Group-3390](https://attack.mitre.org/groups/G0027).(Citation: Unit42 Emissary Panda May 2019)(Citation: Securelist LuckyMouse June 2018)(Citation: Hacker News LuckyMouse June 2018)
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (2)
-
Manufacturing targets
-
Government targets
Countries (1)
-
United States of America targets
Indicators (39)
-
386c9079d65bdd7e3f7b8872024a80992b5d5c6a3c8b971c47d1ef439b9e2671indicates -
5c2d05bfc9b6d4fc7aea32312c62180564fac9f65b0867e824d81051e5fc34fdindicates -
stix 100/100 Revoked
GoLandBuildPE
· Valid until 16/01/2024 · Source: AlienVault -
6e493ce8dccabf172d818453cc9d4e5bf4b1969ff9690c51b8cb538346e8e00eindicates -
stix 100/100 Revoked
TEL:Trojan:Win32/SuspLDAPQuery.A
· Valid until 31/12/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 16/01/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 16/01/2024 · Source: AlienVault
-
http://207.148.76.235/jquery-3.3.1.min.jsindicates -
stix 100/100 Revoked· Valid until 16/01/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 16/01/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 16/01/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 16/01/2024 · Source: AlienVault
Vulnerabilities (CVE) (2)
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an …
- Attack vector
- Network
- Complexity
- High
- Published
- 18/12/2021
- Modified
- 29/05/2026
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026