EncryptHub
· Published 21/12/2025 13:22 · Modified 21/12/2025 13:22
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 13:22
- Modified
- 21/12/2025 13:22
- Updated at
- 21/12/2025 13:22
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 2 reports, 24 attack patterns (mitre), 5 malware, 75 indicators, 1 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
-
1 CVE 2 MITREs 2 Malwares 16 Observables 1 APT
-
5 MITREs 3 Malwares 66 Observables 1 APT
Attack patterns (MITRE) (24)
-
T1562.001 usesDisable or Modify Tools MITRE
-
T1082 usesSystem Information Discovery MITRE
-
T1210 usesExploitation of Remote Services MITRE
-
T1059.001 usesPowerShell MITRE
-
T1055 usesProcess Injection MITRE
-
T1573 usesEncrypted Channel MITRE
-
T1071 usesApplication Layer Protocol MITRE
-
T1132 usesData Encoding MITRE
-
T1020 usesAutomated Exfiltration MITRE
-
T1071.001 usesWeb Protocols MITRE
-
T1102 usesWeb Service MITRE
-
T1213 usesData from Information Repositories MITRE
Malware (5)
-
EncryptRAT usesFamily
-
Fickle Stealer usesFamily
-
Kematian Stealer usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Rhadamanthys usesFamily
-
SilentCrystal usesFamily
Indicators (75)
-
082fbf96c546fa58ccb72316a55b2c913ef9f551f7e761c7232a1477c14e6bb6indicates -
6fb7fd9763d6b269793c80bbc03a1be358390781af4b698fba1591cb8dbb8825indicates -
stix 100/100 Revoked· Valid until 24/05/2025 · Source: AlienVault
-
20d813dcfd6b6a44b27a09cf2e780cccab2bfef9c9b1e506424ff240a571e69cindicates -
stix 100/100 Revoked· Valid until 24/05/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 24/05/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 03/04/2026 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 03/04/2026 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 24/05/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 24/05/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 03/04/2026 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 24/05/2025 · Source: AlienVault
Vulnerabilities (CVE) (1)
7.0
High
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
- Attack vector
- Local
- Published
- 11/03/2025
- Modified
- 21/12/2025