GOLD SALEM

Search IOCs, vulnerabilities, APT…

216.73.217.22

← Back to intrusion sets

· Published 21/12/2025 16:13 · Modified 21/12/2025 16:13 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 16:13
Modified: 21/12/2025 16:13
Updated at: 21/12/2025 16:13
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 2 reports, 25 attack patterns (mitre), 4 malware, 10 sectors, 3 countries, 15 indicators, 5 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (2)

GOLD SALEM tradecraft for deploying Warlock ransomware

16 MITREs 4 Malwares 13 Observables 1 APT
Warlock operation joins busy ransomware landscape

5 CVEs 7 MITREs 1 Malware 2 Observables 1 APT

Attack patterns (MITRE) (25)

T1490 uses

Inhibit System Recovery MITRE
T1190 uses

Exploit Public-Facing Application MITRE
T1021.002 uses

SMB/Windows Admin Shares MITRE
T1105 uses

Ingress Tool Transfer MITRE
T1059.003 uses

Windows Command Shell MITRE
T1574.002 uses

MITRE
T1574.008 uses

Path Interception by Search Order Hijacking MITRE
T1003.001 uses

LSASS Memory MITRE
T1055 uses

Process Injection MITRE
T1570 uses

Lateral Tool Transfer MITRE
T1489 uses

Service Stop MITRE
T1036 uses

Masquerading MITRE

← Previous

Page / 3

1–12 of 25

Babyk uses

Family
Babuk - S0638 uses

Family
Warlock uses

Family
LockBit uses

Family

Sectors (10)

Defense targets
Transportation targets
Technology targets
Manufacturing targets
Government targets
Aerospace targets
Energy targets
Telecommunications targets
Retail targets
Construction targets

Countries (3)

Taiwan targets
United States of America targets
Russian Federation targets

Indicators (15)

a204a48496b54bcb7ae171ad435997b92eb746b5718f166b3515736ee34a65b4 indicates
67687b54f9cfee0b551c6847be7ed625e170d8bb882f888e3d0b22312db146cd indicates
a3b061300d6aee6f8c6e08c68b80a18a8d4500b66d0d179b962fd96f41dc2889 indicates
66a01192355a1ee15a0ceafacbf3bf83148813f67ba24bdfc5423e4fcb4e744f indicates
c70fafe5f9a3e5a9ee7de584dd024cb552443659f06348398d3873aa88fd6682 indicates
85844ae7394f2cf907b6378b415e77f7e29069c7e791598cf0985adf4f53320e indicates
2695e26637dbf8c2aa46af702c891a5a154e9a145948ce504db0ea6a2d50e734 indicates
996c7bcec3c12c3462220fc2c19d61ccc039005ef5e7c8fabc0b34631a31abb1 indicates
c8a8c7e21136a099665c2fad9accb41152d129466b719ea71678bab665e03389 indicates
ea4a453be116071ab1ccbd24eb8755bf0579649f41a7b94ab9e68571bb9f4a1e indicates
649bdaa38e60ede6d140bd54ca5412f1091186a803d3905465219053393f6421 indicates

stix 100/100

· Valid until 05/10/2026 · Source: AlienVault
ea8c8f834523886b07d87e85e24f124391d69a738814a0f7c31132b6b712ed65 indicates

← Previous

Page / 2

1–12 of 15

Vulnerabilities (CVE) (5)

CVE-2025-53771 targets

6.5 Medium

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …

Attack vector: NETWORK
Published: 21/07/2025
Modified: 21/12/2025

Received

CVE-2025-49706 KEV targets

6.5 Medium

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …

Attack vector: Network
Published: 22/07/2025
Modified: 21/12/2025

CVE-2025-49704 KEV targets

8.8 High

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …

Attack vector: Network
Published: 22/07/2025
Modified: 21/12/2025

CVE-2024-51324 targets

3.8 Low

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your …

Attack vector: NETWORK
Published: 11/02/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2025-53770 KEV targets

9.8 Critical

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …

Attack vector: Network
Published: 20/07/2025
Modified: 21/12/2025

Analyzed

Contact About Legal notice Privacy policy Terms of use