Eagle Werewolf, ENERGETIC BEAR, Velvet Tempest, APT28, GrayCharlie
Published 22/05/2026 09:12 · Modified 22/05/2026 09:12 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 22/05/2026 09:12
- Modified: 22/05/2026 09:12
- Updated at: 22/05/2026 09:12
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 21 attack patterns (MITRE), 24 malware, 2 sectors, 5 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 1 CVE · 21 MITREs · 24 Malwares · 5 Observables · 1 APT · Published 21/05/2026 23:03 · Modified 22/05/2026 07:13
Attack patterns (MITRE) (21)
- T1027 · uses · Obfuscated Files or Information
- T1583.001 · uses · Domains
- T1078 · uses · Valid Accounts
- T1059.001 · uses · PowerShell
- T1562.001 · uses · Disable or Modify Tools
- T1204.001 · uses · Malicious Link
- T1543 · uses · Create or Modify System Process
- T1136 · uses · Create Account
- T1566.001 · uses · Spearphishing Attachment
- T1098 · uses · Account Manipulation
- T1036 · uses · Masquerading
- T1071.004 · uses · DNS
- T1573 · uses · Encrypted Channel
- T1055 · uses · Process Injection
- T1497 · uses · Virtualization/Sandbox Evasion
- T1105 · uses · Ingress Tool Transfer
- T1053 · uses · Scheduled Task/Job
- T1106 · uses · Native API
- T1140 · uses · Deobfuscate/Decode Files or Information
- T1190 · uses · Exploit Public-Facing Application
- T1071.001 · uses · Web Protocols
Malware (24)
- Prism X · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- EchoGather · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Mozi · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
- Termite · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- SoullessRAT · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Mirai · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Phorpiex · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Gophish · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- DynoWiper · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- RondoDox · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Acunetix · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Keitaro · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Sliver · uses · Family · Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
- Tactical RMM · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- AquilaRAT · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- LockBit Black · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- NetSupport RAT · uses · Family · Published 22/05/2026 13:08 · Modified 22/05/2026 13:08
- Twizt · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- HellsUchecker · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Phexia · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- Hajime · uses · Family · Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
- XMRig · uses · Family · Published 28/05/2026 10:56 · Modified 28/05/2026 10:56
- AsyncRAT · uses · Family · Published 11/06/2026 16:31 · Modified 11/06/2026 16:31
Sectors (2)
- Government · targets
- Energy · targets
Indicators (5)
Vulnerabilities (CVE) (1)
CVE-2025-11953 · KEV · 9.8 · Critical
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes …
- Attack vector: NETWORK
- Published: 03/11/2025
- Modified: 07/02/2026