Goldoon
Published 21/12/2025 04:33 · Modified 21/12/2025 04:33 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 04:33
- Modified: 21/12/2025 04:33
- Updated at: 21/12/2025 04:33
- Revoked: No
- Author / Source: AlienVault
- Resource level: -
- Primary motivation: -
- Related entities: 1 report, 18 attack patterns (MITRE), 1 malware, 23 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 1 CVE 18 MITREs 1 Malware 24 Observables 1 APT
Attack patterns (MITRE) (18)
- T1078: Valid Accounts (uses)
- T1204: User Execution (uses)
- T1059: Command and Scripting Interpreter (uses)
- T1071: Application Layer Protocol (uses)
- T1562: Impair Defenses (uses)
- T1560: Archive Collected Data (uses)
- T1095: Non-Application Layer Protocol (uses)
- T1498: Network Denial of Service (uses)
- T1546: Event Triggered Execution (uses)
- T1499: Endpoint Denial of Service (uses)
- T1547: Boot or Logon Autostart Execution (uses)
- T1529: System Shutdown/Reboot (uses)
Malware (1)
- Goldoon (uses, Family)
Indicators (23)
Vulnerabilities (CVE) (1)
8.8 (High)
D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
- Attack vector: Adjacent
- Complexity: LOW
- Published: 23/02/2015
- Modified: 22/04/2026