GlassWorm
· Published 21/12/2025 18:54 · Modified 21/12/2025 18:54
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 18:54
- Modified
- 21/12/2025 18:54
- Updated at
- 21/12/2025 18:54
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 3 reports, 49 attack patterns (mitre), 2 malware, 1 sectors, 17 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
-
AlienVault Confidence 100 17 MITREs 1 Malware 12 IOCs 12 Observables 1 APTPublished 16/06/2026 06:27 · Modified 16/06/2026 11:18 · threat-report
-
AlienVault Confidence 100 18 MITREs 3 IOCs 3 Observables 1 APTPublished 27/04/2026 18:18 · Modified 27/04/2026 16:31 · threat-report
-
18 MITREs 1 Malware 1 Observable 1 APTPublished 26/03/2026 20:45 · Modified 27/03/2026 00:11
Attack patterns (MITRE) (49)
-
T1115 usesClipboard Data
-
T1218 usesSystem Binary Proxy Execution
-
T1133 usesExternal Remote Services
-
T1547.001 usesRegistry Run Keys / Startup Folder
-
T1543.003 usesWindows Service
-
T1204.002 usesMalicious File
-
T1562.001 usesDisable or Modify Tools
-
T1185 usesBrowser Session Hijacking
-
T1036 usesMasquerading
-
T1056 usesInput Capture
-
T1518.001 usesSecurity Software Discovery
-
T1113 usesScreen Capture
-
T1059.001 usesPowerShell
-
T1056.001 usesKeylogging
-
T1571 usesNon-Standard Port
-
T1608.005 usesLink Target
-
T1027 usesObfuscated Files or Information
-
T1497.001 usesSystem Checks
-
T1573 usesEncrypted Channel
-
T1059.003 usesWindows Command Shell
-
T1059 usesCommand and Scripting Interpreter
-
T1554 usesCompromise Host Software Binary
-
T1539 usesSteal Web Session Cookie
-
T1498 usesNetwork Denial of Service
-
T1497.003 usesTime Based Checks
-
T1195.002 usesCompromise Software Supply Chain
-
T1102.003 usesOne-Way Communication
-
T1608.001 usesUpload Malware
-
T1573.001 usesSymmetric Cryptography
-
T1140 usesDeobfuscate/Decode Files or Information
-
T1071 usesApplication Layer Protocol
-
T1573.002 usesAsymmetric Cryptography
-
T1078 usesValid Accounts
-
T1608.004 usesDrive-by Target
-
T1102 usesWeb Service
-
T1195.001 usesCompromise Software Dependencies and Development Tools
-
T1105 usesIngress Tool Transfer
-
T1195 usesSupply Chain Compromise
-
T1071.001 usesWeb Protocols
-
T1021 usesRemote Services
-
T1205.001 usesPort Knocking
-
T1059.007 usesJavaScript
-
T1176 usesSoftware Extensions
-
T1102.001 usesDead Drop Resolver
-
T1059.004 usesUnix Shell
-
T1555 usesCredentials from Password Stores
-
T1036.005 usesMatch Legitimate Resource Name or Location
-
T1190 usesExploit Public-Facing Application
-
T1056.004 usesCredential API Hooking
Malware (2)
Sectors (1)
- Technology targets
Indicators (17)
-
dodod.latindicates -
http://dodod.lat/win32/i/_indicates -
http://217.69.3.218/get_zombi_payload/qQD%2FJoi3WCWSk8ggGHiTdg%3D%3Dindicates -
1b62b7c2ed7cc296ce821f977ef7b22bae59ef1dcdb9a34ae19467ee39bcf168indicates -
http://dodod.lat/darwin/i/_indicates -
1e283327ad048bea39f4a8501770858a20f3555e87fe3e202274f2e87f8a3c25indicates -
http://217.69.3.218/get_arhive_npm/indicates -
3aa31999398e7f80231c03d7137ffdb554a84b83dbcffc59ce16c9a65f9e5d58indicates -
https://dodod.lat/darwin/i/_indicates -
http://dodod.lat/linux/i/_indicates -
https://dodod.lat/indicates -
https://dodod.lat/win32/i/_indicates -
https://dodod.lat/linux/i/_indicates -
97c275e3406ad6576529f41604ad138c5bdc4297d195bf61b049e14f6b30adfdindicates -
558b4f1d9a263c13756ab0126c09dd080c85ba405b29488e1c4e6aa68b554f1findicates -
4ebfe8f66ca7e9751060b3301b5e8838d6017593cdae748541de83bfa28183bdindicates -
45.150.34.158indicates