Harvester
· Published 21/12/2025 06:18 · Modified 21/12/2025 06:18
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 06:18
- Modified: 21/12/2025 06:18
- Updated at: 21/12/2025 06:18
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 32 attack patterns (mitre), 8 malware, 7 countries, 22 indicators, 2 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- AlienVault · Confidence 100 · 15 MITREs · 2 Malwares · 5 IOCs · 5 Observables · 1 APT · Published 01/05/2026 19:53 · Modified 04/05/2026 14:33 · threat-report
- 20 MITREs · 2 Malwares · 5 Observables · 1 APT · Published 22/04/2026 11:35 · Modified 22/04/2026 15:32
- 2 CVEs · 5 MITREs · 8 Malwares · 20 Observables · 1 APT · Published 07/08/2024 11:18 · Modified 07/08/2024 11:37
Attack patterns (MITRE) (32)
- T1543 · uses · Create or Modify System Process
- T1036 · uses · Masquerading
- T1071.001 · uses · Web Protocols
- T1574 · uses · Hijack Execution Flow
- T1059 · uses · Command and Scripting Interpreter
- T1087 · uses · Account Discovery
- T1534 · uses · Internal Spearphishing
- T1105 · uses · Ingress Tool Transfer
- T1566 · uses · Phishing
- T1573 · uses · Encrypted Channel
- T1132.001 · uses · Standard Encoding
- T1102 · uses · Web Service
Malware (8)
- BirdyClient · uses · Family · Published 07/08/2024 11:18 · Modified 07/08/2024 11:18
- Graphite · uses · Family · Published 12/06/2025 22:00 · Modified 12/06/2025 22:00
- MoonTag · uses · Family · Published 07/08/2024 16:11 · Modified 07/08/2024 16:11
- Grager · uses · Family · Published 07/08/2024 11:18 · Modified 07/08/2024 11:18
- Backdoor.Graphican · uses · Family · Published 07/08/2024 11:18 · Modified 07/08/2024 11:18
- OneDriveTools · uses · Family · Published 07/08/2024 16:11 · Modified 07/08/2024 16:11
- Graphon · uses · Family · Published 01/05/2026 17:53 · Modified 01/05/2026 17:53
- GoGra · uses · Family · Published 01/05/2026 17:53 · Modified 01/05/2026 17:53
Countries (7)
- India targets
- Afghanistan targets
- Ukraine targets
- British Indian Ocean Territory targets
- Hong Kong targets
- Taiwan targets
- Virgin Islands, U.S. targets
Indicators (22)
Vulnerabilities (CVE) (2)
CVE-2024-21887 · KEV · 9.1 · Critical
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …
- Attack vector: Network
- Published: 10/01/2024
- Modified: 27/05/2026
CVE-2024-21893 · KEV · 8.2 · High
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …
- Attack vector: Network
- Published: 31/01/2024
- Modified: 27/05/2026