CL-STA-1132

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to intrusion sets

· Published 08/05/2026 11:19 · Modified 08/05/2026 11:19 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 08/05/2026 11:19
Modified: 08/05/2026 11:19
Updated at: 08/05/2026 11:19
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 1 reports, 20 attack patterns (mitre), 2 malware, 4 indicators, 12 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day …

12 CVEs 20 MITREs 2 Malwares 4 Observables 1 APT

Attack patterns (MITRE) (20)

T1572 uses

Protocol Tunneling MITRE
T1087.002 uses

Domain Account MITRE
T1105 uses

Ingress Tool Transfer MITRE
T1078 uses

Valid Accounts MITRE
T1498.001 uses

Direct Network Flood MITRE
T1021.004 uses

SSH MITRE
T1071 uses

Application Layer Protocol MITRE
T1098 uses

Account Manipulation MITRE
T1190 uses

Exploit Public-Facing Application MITRE
T1090 uses

Proxy MITRE
T1018 uses

Remote System Discovery MITRE
T1068 uses

Exploitation for Privilege Escalation MITRE

← Previous

Page / 2

1–12 of 20

ReverseSocks5 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
EarthWorm uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

Indicators (4)

e11f69b49b6f2e829454371c31ebf86893f82a042dae3f2faf63dcd84f97a584 indicates

stix 100/100

· Valid until 03/05/2027 · Source: AlienVault
136.0.8.48 indicates

stix 100/100 Revoked

· Valid until 31/05/2026 · Source: AlienVault
67.206.213.86 indicates

stix 100/100 Revoked

· Valid until 31/05/2026 · Source: AlienVault
149.104.66.84 indicates

stix 100/100 Revoked

· Valid until 31/05/2026 · Source: AlienVault

Vulnerabilities (CVE) (12)

CVE-2026-31431 KEV targets

7.8 High

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 …

Attack vector: LOCAL
Complexity: LOW
EPSS: 0.0001 (P0.6%)
Published: 22/04/2026
Modified: 23/05/2026

CWE-669 Awaiting Analysis

CVE-2025-14847 KEV targets

8.7 High

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue …

Attack vector: NETWORK
Published: 19/12/2025
Modified: 26/01/2026

Awaiting Analysis

CVE-2025-55182 KEV targets

10.0 Critical

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …

Attack vector: Network
Published: 05/12/2025
Modified: 29/05/2026

Analyzed

CVE-2026-1281 KEV targets

9.8 Critical

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

Attack vector: NETWORK
Published: 29/01/2026
Modified: 27/03/2026

Analyzed

CVE-2026-22584 targets

9.8 Critical

Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable …

Attack vector: NETWORK
EPSS: 0.0003 (P7.6%)
Published: 09/01/2026
Modified: 17/04/2026

Received

CVE-2026-0300 KEV targets

9.3 Critical

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated …

Attack vector: Network
Complexity: Low
Published: 06/05/2026
Modified: 15/05/2026

CWE-787 Received

CVE-2026-1731 KEV targets

9.9 Critical

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker …

Attack vector: Network
Published: 13/02/2026
Modified: 20/02/2026

Received

CVE-2025-0921 targets

6.5 Medium

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 …

Attack vector: Local
Complexity: LOW
Published: 16/05/2025
Modified: 17/04/2026

CWE-250

CVE-2023-33538 KEV targets

8.8 High

TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be …

Attack vector: Network
Published: 16/06/2025
Modified: 21/12/2025

CVE-2025-66478 targets

Rejected reason: This CVE is a duplicate of CVE-2025-55182.

Published: 20/12/2025
Modified: 21/12/2025

Rejected

CVE-2025-23304 targets

7.8 High

NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by …

Attack vector: LOCAL
Published: 13/08/2025
Modified: 17/04/2026

Awaiting Analysis

CVE-2026-1340 KEV targets

9.8 Critical

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

Attack vector: NETWORK
Complexity: LOW
Published: 29/01/2026
Modified: 10/04/2026

CWE-94 Received

Contact About Legal notice Privacy policy Terms of use

CL-STA-1132

Essential information

Description

Marking (TLP)

Related entities

Reports (1)

Attack patterns (MITRE) (20)

Malware (2)

Indicators (4)

Vulnerabilities (CVE) (12)