Hydra Saiga
· Published 17/03/2026 12:16 · Modified 17/03/2026 12:16
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 17/03/2026 12:16
- Modified: 17/03/2026 12:16
- Updated at: 17/03/2026 12:16
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 26 attack patterns (MITRE), 2 malware, 8 sectors, 21 countries, 61 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 21 MITRE attack patterns, 2 malware, 41 observables, 1 APT · Published 17/03/2026 11:03 · Modified 17/03/2026 11:17
Attack patterns (MITRE) (26)
- T1078 Valid Accounts
- T1047 Windows Management Instrumentation
- T1059.006 Python
- T1018 Remote System Discovery
- T1547.001 Registry Run Keys / Startup Folder
- T1218 System Binary Proxy Execution
- T1567 Exfiltration Over Web Service
- T1556.002 Password Filter DLL
- T1562.001 Disable or Modify Tools
- T1041 Exfiltration Over C2 Channel
- T1594 Search Victim-Owned Websites
- T1027 Obfuscated Files or Information
- T1056.002 GUI Input Capture
- T1046 Network Service Discovery
- T1113 Screen Capture
- T1595 Active Scanning
- T1071.001 Web Protocols
- T1555.003 Credentials from Web Browsers
- T1204.002 Malicious File
- T1059.001 PowerShell
- T1021.006 Windows Remote Management
- T1003.001 LSASS Memory
- T1572 Protocol Tunneling
- T1560.001 Archive via Utility
- T1566.001 Spearphishing Attachment
- T1053.005 Scheduled Task
Malware (2)
Sectors (8)
- Healthcare
- Manufacturing
- Education
- Water distribution and supply
- Legal
- Energy
- Government
- Aerospace
Countries (21)
- Morocco
- Armenia
- Tajikistan
- Kyrgyzstan
- Georgia
- Belarus
- Oman
- Slovakia
- Azerbaijan
- Turkmenistan
- Czechia
- Bulgaria
- Iran, Islamic Republic of
- Mongolia
- Greece
- Netherlands
- South Georgia and the South Sandwich Islands
- Egypt
- Russian Federation
- Uzbekistan
- South Africa
Indicators (61)