GroozaV2
· Published 21/12/2025 18:01 · Modified 29/05/2026 12:20
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 18:01
- Modified: 29/05/2026 12:20
- Updated at: 29/05/2026 12:20
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 10 attack patterns (MITRE), 1 malware, 2 sectors, 7 countries, 179 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 1 CVE, 5 MITREs, 1 Malware, 200 Observables, 1 APT · Published 01/10/2025 08:00 · Modified 01/10/2025 09:33
Attack patterns (MITRE) (10)
- T1589.002 Email Addresses (uses)
- T1586.002 Email Accounts (uses)
- T1583.001 Domains (uses)
- T1078 Valid Accounts (uses)
- T1592.004 Client Configurations (uses)
- T1588.001 Malware (uses)
- T1190 Exploit Public-Facing Application (uses)
- T1566.002 Spearphishing Link (uses)
- T1584.001 Domains (uses)
- T1608.001 Upload Malware (uses)
Malware (1)
- Grooza (uses) · Family · Published 01/10/2025 08:00 · Modified 01/10/2025 08:00
Sectors (2)
- Government (targets)
- Telecommunications (targets)
Countries (7)
- Italy (targets)
- Hungary (targets)
- Portugal (targets)
- France (targets)
- Belgium (targets)
- Sweden (targets)
- Norway (targets)
Indicators (179)
Vulnerabilities (CVE) (1)
- Severity: 7.5 (High)
- Description: An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
- Attack vector: Network
- Published: 04/10/2023
- Modified: 29/05/2026