GOLD SALEM
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 16:13
- Modified
- 21/12/2025 16:13
- Updated at
- 21/12/2025 16:13
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 2 reports, 25 attack patterns (mitre), 4 malware, 10 sectors, 3 countries, 15 indicators, 5 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
-
16 MITREs 4 Malwares 13 Observables 1 APT
-
5 CVEs 7 MITREs 1 Malware 2 Observables 1 APT
Attack patterns (MITRE) (25)
-
T1003 usesOS Credential Dumping MITRE
-
T1562.001 usesDisable or Modify Tools MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1569 usesSystem Services MITRE
-
T1573 usesEncrypted Channel MITRE
-
T1505.003 usesWeb Shell MITRE
-
T1071 usesApplication Layer Protocol MITRE
-
T1133 usesExternal Remote Services MITRE
-
T1078 usesValid Accounts MITRE
-
T1484.001 usesGroup Policy Modification MITRE
-
T1140 usesDeobfuscate/Decode Files or Information MITRE
-
T1567 usesExfiltration Over Web Service MITRE
Malware (4)
-
Babyk usesFamily
-
Babuk - S0638 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Warlock usesFamily
-
LockBit usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (10)
-
Defense targets
-
Transportation targets
-
Technology targets
-
Manufacturing targets
-
Government targets
-
Aerospace targets
-
Energy targets
-
Telecommunications targets
-
Retail targets
-
Construction targets
Countries (3)
-
Taiwan targets
-
United States of America targets
-
Russian Federation targets
Indicators (15)
-
a204a48496b54bcb7ae171ad435997b92eb746b5718f166b3515736ee34a65b4indicates -
stix 100/100· Valid until 07/12/2026 · Source: AlienVault
-
a3b061300d6aee6f8c6e08c68b80a18a8d4500b66d0d179b962fd96f41dc2889indicates -
66a01192355a1ee15a0ceafacbf3bf83148813f67ba24bdfc5423e4fcb4e744findicates -
stix 100/100· Valid until 07/12/2026 · Source: AlienVault
-
stix 100/100· Valid until 07/12/2026 · Source: AlienVault
-
2695e26637dbf8c2aa46af702c891a5a154e9a145948ce504db0ea6a2d50e734indicates -
996c7bcec3c12c3462220fc2c19d61ccc039005ef5e7c8fabc0b34631a31abb1indicates -
stix 100/100· Valid until 07/12/2026 · Source: AlienVault
-
stix 100/100· Valid until 07/12/2026 · Source: AlienVault
-
stix 100/100· Valid until 05/10/2026 · Source: AlienVault
-
stix 100/100· Valid until 07/12/2026 · Source: AlienVault
Vulnerabilities (CVE) (5)
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …
- Attack vector
- NETWORK
- Published
- 21/07/2025
- Modified
- 21/12/2025
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …
- Attack vector
- Network
- Published
- 22/07/2025
- Modified
- 21/12/2025
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your …
- Attack vector
- NETWORK
- Published
- 11/02/2025
- Modified
- 21/12/2025
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …
- Attack vector
- Network
- Published
- 20/07/2025
- Modified
- 21/12/2025