Budworm
· Published 20/12/2025 22:22 · Modified 20/12/2025 22:22
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 20/12/2025 22:22
- Modified
- 20/12/2025 22:22
- Updated at
- 20/12/2025 22:22
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 8 attack patterns (mitre), 1 malware, 2 sectors, 1 countries, 39 indicators, 2 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Attack patterns (MITRE) (8)
-
T1083 usesFile and Directory Discovery MITRE
-
T1190 usesExploit Public-Facing Application MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1036 usesMasquerading MITRE
-
T1574 usesHijack Execution Flow MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1003 usesOS Credential Dumping MITRE
-
T1574.002 uses
Malware (1)
-
HyperBro usesFamily The MITRE Corporation Confidence 100
[HyperBro](https://attack.mitre.org/software/S0398) is a custom in-memory backdoor used by [Threat Group-3390](https://attack.mitre.org/groups/G0027).(Citation: Unit42 Emissary Panda May 2019)(Citation: Securelist LuckyMouse June 2018)(Citation: Hacker News LuckyMouse June 2018)
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (2)
-
Manufacturing targets
-
Government targets
Countries (1)
-
United States of America targets
Indicators (39)
-
bebce37572ea2856663383215a013f8115c1f81da0f2bf1233c959955c494032indicates -
c4f7ec0c03bcacaaa8864b715eb617d5a86b5b3ca6ee1e69ac766773c4eb00e6indicates -
0d46907320ab55d98966389f41441aa0341a7db829cd166748d8929d466c9fbaindicates
Vulnerabilities (CVE) (2)
CVE-2021-45105
targets
5.9
Medium
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an …
- Attack vector
- Network
- Complexity
- High
- Published
- 18/12/2021
- Modified
- 29/05/2026
10.0
Critical
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026