GOLD BLADE
Published 21/12/2025 15:14 · Modified 21/12/2025 15:14 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 15:14
- Modified: 21/12/2025 15:14
- Updated at: 21/12/2025 15:14
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 2 reports, 23 attack patterns (mitre), 3 malware, 4 sectors, 2 countries, 31 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- 19 MITREs, 3 Malwares, 28 Observables, 1 APT
- 5 MITREs, 1 Malware, 5 Observables, 1 APT
Attack patterns (MITRE) (23)
- T1082 (uses): System Information Discovery
- T1049 (uses): System Network Connections Discovery
- T1083 (uses): File and Directory Discovery
- T1140 (uses): Deobfuscate/Decode Files or Information
- T1070 (uses): Indicator Removal
- T1573 (uses): Encrypted Channel
- T1218 (uses): System Binary Proxy Execution
- T1486 (uses): Data Encrypted for Impact
- T1057 (uses): Process Discovery
- T1490 (uses): Inhibit System Recovery
- T1547 (uses): Boot or Logon Autostart Execution
Malware (3)
- Terminator (uses; family)
- RedLoader (uses; family)
- QWCrypt (uses; family)
Sectors (4)
- Technology (targets)
- Manufacturing (targets)
- Retail (targets)
- Services (targets)
Countries (2)
- United States of America (targets)
- Canada (targets)
Indicators (31)