CL-STA-0048
Published 21/12/2025 10:22 · Modified 21/12/2025 10:22 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 10:22
- Modified: 21/12/2025 10:22
- Updated at: 21/12/2025 10:22
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 12 attack patterns (MITRE), 8 malware, 2 sectors, 15 indicators, 2 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 2 CVEs · 12 MITRE attack patterns · 13 malware · 21 observables · 1 APT · Published 30/01/2025 00:39 · Modified 30/01/2025 10:04
Attack patterns (MITRE) (12) · relationship type: uses
- T1553.002 Code Signing
- T1021.002 SMB/Windows Admin Shares
- T1505.003 Web Shell
- T1027 Obfuscated Files or Information
- T1055 Process Injection
- T1571 Non-Standard Port
- T1003 OS Credential Dumping
- T1083 File and Directory Discovery
- T1059.001 PowerShell
- T1078.002 Domain Accounts
- T1190 Exploit Public-Facing Application
- T1046 Network Service Discovery
Malware (8) · relationship type: uses
- Korplug · Source: The MITRE Corporation · Confidence 100
  [PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation: …
  First seen 01/01/1970 · Last seen 16/11/5138 (unset sentinel values) · Published 31/05/2017 23:32 · Modified 08/06/2026 10:23
- PlugX - S0013 · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- (name not shown) · Source: AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 (unset sentinel values) · Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
- BadPotato · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- RasmanPotato · Family · Published 30/01/2025 00:39 · Modified 30/01/2025 00:39
- ValleyRAT · Family · Published 08/06/2026 10:30 · Modified 08/06/2026 10:30
- Stowaway · Family · Published 26/02/2025 09:27 · Modified 26/02/2025 09:27
- SspiUacBypass · Source: AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 (unset sentinel values) · Published 21/12/2025 10:22 · Modified 21/12/2025 10:22
Sectors (2)
- Telecommunications targets
- Government targets
Indicators (15) · relationship type: indicates
- test.nulq5r.ceye.io (domain)
- 3503d6ccb9f49e1b1cb83844d1b05ae3cf7621dfec8dc115a40abb9ec61b00bb (SHA-256)
- web.nginxui.cc (domain)
- edc9222aece9098ad636af351dd896ffee3360e487fda658062a9722edf02185 (SHA-256)
- 525540eac2d90c94dd3352c7dd624720ff2119082807e2670785aed77746301d (SHA-256)
- a09179dec5788a7eee0571f2409e23df57a63c1c62e4b33f2af068351e5d9e2d (SHA-256)
- mail.tttseo.com (domain)
- https://h5.nasa6.com/shell/ (URL)
- 8dfc107662f22cff20d19e0aba76fcd181657255078a78fb1be3d3a54d0c3d46 (SHA-256)
- 0f85b67f0c4ca0e7a80df8567265b3fa9f44f2ad6ae09a7c9b7fac2ca24e62a8 (SHA-256)
- c5af6fd69b75507c1ea339940705eaf61deadd9c3573d2dec5324c61e77e6098 (SHA-256)
- af0baf0a9142973a3b2a6c8813a3b4096e516188a48f7fd26ecc8299bce508e1 (SHA-256)
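The indicator list above mixes three observable types (SHA-256 hashes, domains and one URL), and each needs a different match rule when run against telemetry. The script below is an added example, not part of the AlienVault/OpenCTI record: it classifies the page's indicators by pattern, builds lookup sets (the URL's host is also added as a domain pivot), and scans log lines for exact hash matches, exact URL matches and domain matches that include subdomains of a listed host. The log lines are constructed for illustration; field names such as `query=` and `sha256=` are assumptions about the log format.

```python
"""Match the CL-STA-0048 indicators against log lines (added example)."""
import re
from urllib.parse import urlsplit

# Indicators copied from the record above (the 12 shown of 15).
INDICATORS = [
    "test.nulq5r.ceye.io",
    "3503d6ccb9f49e1b1cb83844d1b05ae3cf7621dfec8dc115a40abb9ec61b00bb",
    "web.nginxui.cc",
    "edc9222aece9098ad636af351dd896ffee3360e487fda658062a9722edf02185",
    "525540eac2d90c94dd3352c7dd624720ff2119082807e2670785aed77746301d",
    "a09179dec5788a7eee0571f2409e23df57a63c1c62e4b33f2af068351e5d9e2d",
    "mail.tttseo.com",
    "https://h5.nasa6.com/shell/",
    "8dfc107662f22cff20d19e0aba76fcd181657255078a78fb1be3d3a54d0c3d46",
    "0f85b67f0c4ca0e7a80df8567265b3fa9f44f2ad6ae09a7c9b7fac2ca24e62a8",
    "c5af6fd69b75507c1ea339940705eaf61deadd9c3573d2dec5324c61e77e6098",
    "af0baf0a9142973a3b2a6c8813a3b4096e516188a48f7fd26ecc8299bce508e1",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$")


def classify(ioc: str) -> str:
    """Type an indicator by shape: sha256, url, domain or unknown."""
    v = ioc.strip().lower()
    if SHA256_RE.match(v):
        return "sha256"
    if v.startswith(("http://", "https://")):
        return "url"
    if DOMAIN_RE.match(v):
        return "domain"
    return "unknown"


def build_sets(iocs):
    """Split indicators into lowercase lookup sets per type."""
    hashes, domains, urls = set(), set(), set()
    for ioc in iocs:
        v = ioc.strip().lower()
        kind = classify(v)
        if kind == "sha256":
            hashes.add(v)
        elif kind == "domain":
            domains.add(v)
        elif kind == "url":
            urls.add(v.rstrip("/"))
            domains.add(urlsplit(v).hostname)  # host of the URL is a pivot on its own
    return hashes, domains, urls


def matches_domain(host: str, domains) -> bool:
    """True if host equals a listed domain or is a subdomain of one.
    Only listed zones count: a bare parent such as the registrable domain of
    test.nulq5r.ceye.io is never widened into a match."""
    parts = host.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in domains for i in range(len(parts) - 1))


HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")
HOST = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
URL = re.compile(r"https?://[^\s\"']+", re.I)


def scan_line(line: str, hashes, domains, urls):
    """Return a list of (type, value) hits found in one log line."""
    hits = []
    for h in HEX64.findall(line):
        if h.lower() in hashes:
            hits.append(("sha256", h.lower()))
    for u in URL.findall(line):
        if u.lower().rstrip("/") in urls:
            hits.append(("url", u))
    for h in HOST.findall(line):
        if matches_domain(h, domains):
            hits.append(("domain", h.lower()))
    return hits


def scan(lines, iocs=INDICATORS):
    """Return [(line_number, hits)] for every line with at least one hit."""
    hashes, domains, urls = build_sets(iocs)
    out = []
    for n, line in enumerate(lines, 1):
        hits = scan_line(line, hashes, domains, urls)
        if hits:
            out.append((n, hits))
    return out


# Constructed sample telemetry (not real logs): DNS, proxy and EDR events.
SAMPLE_LOGS = [
    "2025-12-21T10:22:01Z dns client=10.0.0.5 query=test.nulq5r.ceye.io type=A",
    "2025-12-21T10:23:44Z proxy src=10.0.0.7 url=https://h5.nasa6.com/shell/ status=200",
    "2025-12-21T10:25:09Z edr host=WS01 file=C:\\Users\\Public\\update.exe "
    "sha256=3503d6ccb9f49e1b1cb83844d1b05ae3cf7621dfec8dc115a40abb9ec61b00bb",
    "2025-12-21T10:26:30Z dns client=10.0.0.9 query=www.example.com type=A",
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOGS):
        print(n, hits)
```

The domain rule deliberately matches only listed hosts and their subdomains, never a listed host's parent zone: `test.nulq5r.ceye.io` sits under ceye.io, a public out-of-band DNS logging service, so a rule that alerted on anything under ceye.io would fire on unrelated traffic.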
Vulnerabilities (CVE) (2)
- (CVE ID not shown) · CVSS 7.0 (High)
  A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
  Attack vector: Local · Published 09/01/2025 · Modified 21/12/2025
- CVE-2025-0282 · KEV · CVSS 9.0 (Critical)
  A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
  Attack vector: Network · Published 08/01/2025 · Modified 21/12/2025
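Both CVE entries state their affected range as "before version 22.7R2.5" (Connect Secure) and "before version 22.7R1.2" (Policy Secure). Ivanti version strings of the form `22.7R2.5` do not compare correctly as plain strings or dotted numbers, so the example below, added here and not taken from the page or from Ivanti, parses them into `(major, minor, release, patch)` tuples and applies the literal "before fixed version" test to a constructed appliance inventory. The fixed versions for Neurons for ZTA gateways are truncated on this page and are therefore not included; the product names and inventory rows are assumptions for illustration.

```python
"""Triage Ivanti appliance versions against the fixed versions quoted on this page (added example)."""
import re
from typing import NamedTuple


class IvantiVersion(NamedTuple):
    """Ordered components of a version such as 22.7R2.5 (patch is 0 when absent, e.g. 22.7R1)."""
    major: int
    minor: int
    release: int
    patch: int


# major.minor R release [.patch]; the R is case-insensitive.
VER_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.I)


def parse_version(s: str) -> IvantiVersion:
    m = VER_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised Ivanti version string: {s!r}")
    major, minor, release, patch = m.groups()
    return IvantiVersion(int(major), int(minor), int(release), int(patch or 0))


# Fixed versions exactly as stated in the CVE description above.
FIXED = {
    "Ivanti Connect Secure": "22.7R2.5",
    "Ivanti Policy Secure": "22.7R1.2",
}


def is_affected(product: str, version: str) -> bool:
    """Literal reading of the description: affected iff version < fixed version."""
    if product not in FIXED:
        raise KeyError(f"no fixed version recorded here for {product!r}")
    return parse_version(version) < parse_version(FIXED[product])


def triage(inventory):
    """inventory: iterable of (hostname, product, version). Returns the affected rows."""
    return [(host, product, ver) for host, product, ver in inventory if is_affected(product, ver)]


# Constructed inventory rows (not real hosts).
INVENTORY = [
    ("vpn-edge-01", "Ivanti Connect Secure", "22.7R2.4"),
    ("vpn-edge-02", "Ivanti Connect Secure", "22.7R2.5"),
    ("vpn-legacy", "Ivanti Connect Secure", "9.1R18.9"),
    ("nac-01", "Ivanti Policy Secure", "22.7R1"),
    ("nac-02", "Ivanti Policy Secure", "22.7r1.2"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print("AFFECTED", *row)
```

The comparison treats any older release train (for example 9.1R18.x) as affected because that is what "before version 22.7R2.5" says; confirm branch-specific fix availability against the vendor advisory before closing a finding, since the description on this page is truncated.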