Flax Typhoon
· Published 21/12/2025 07:13 · Modified 21/12/2025 07:13
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 07:13
- Modified: 21/12/2025 07:13
- Updated at: 21/12/2025 07:13
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 16 attack patterns (MITRE), 1 malware, 5 sectors, 3 countries, 102 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 1 CVE · 16 MITREs · 1 Malware · 198 Observables · 1 APT · Published 20/09/2024 11:41 · Modified 20/09/2024 12:18
Attack patterns (MITRE) (16)
- T1573 Encrypted Channel (uses)
- T1071 Application Layer Protocol (uses)
- T1104 Multi-Stage Channels (uses)
- T1498 Network Denial of Service (uses)
- T1572 Protocol Tunneling (uses)
- T1090 Proxy (uses)
- T1584 Compromise Infrastructure (uses)
- T1105 Ingress Tool Transfer (uses)
- T1133 External Remote Services (uses)
- T1499 Endpoint Denial of Service (uses)
- T1095 Non-Application Layer Protocol (uses)
- T1571 Non-Standard Port (uses)
- T1190 Exploit Public-Facing Application (uses)
- T1132 Data Encoding (uses)
- T1588 Obtain Capabilities (uses)
- T1587 Develop Capabilities (uses)
Malware (1)
- Nosedive (uses) · Family · Published 20/09/2024 11:41 · Modified 20/09/2024 11:41
Sectors (5)
- Defense (targets)
- Education (targets)
- Telecommunications (targets)
- Government (targets)
- Technology (targets)
Countries (3)
- United States of America (targets)
- Taiwan (targets)
- Kazakhstan (targets)
Indicators (102)
Vulnerabilities (CVE) (1)
- CVE-2024-21887 · KEV · 9.1 · Critical
- Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …
- Attack vector: Network
- Published: 10/01/2024
- Modified: 27/05/2026