Jewelbug
· Published 21/12/2025 18:58 · Modified 21/12/2025 18:58
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 18:58
- Modified: 21/12/2025 18:58
- Updated at: 21/12/2025 18:58
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 24 attack patterns (MITRE), 6 malware, 2 sectors, 2 countries, 25 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 3 MITRE techniques, 6 malware, 27 observables, 1 APT · Published 24/10/2025 09:16 · Modified 24/10/2025 10:05
Attack patterns (MITRE) (24)
- T1218.011 uses Rundll32
- T1070.001 uses Clear Windows Event Logs
- T1055.002 uses Portable Executable Injection
- T1003.001 uses LSASS Memory
- T1053.005 uses Scheduled Task
- T1134 uses Access Token Manipulation
- T1021.006 uses Windows Remote Management
- T1078 uses Valid Accounts
- T1021.001 uses Remote Desktop Protocol
- T1134.005
- T1078.003 uses Local Accounts
- T1562 uses Impair Defenses
- T1098.001 uses Additional Cloud Credentials
- T1562.001 uses Disable or Modify Tools
- T1070 uses Indicator Removal
- T1055 uses Process Injection
- T1098 uses Account Manipulation
- T1053 uses Scheduled Task/Job
- T1021 uses Remote Services
- T1572 uses Protocol Tunneling
- T1571 uses Non-Standard Port
- T1021.002 uses SMB/Windows Admin Shares
- T1218 uses System Binary Proxy Execution
- T1003 uses OS Credential Dumping
Malware (6)
- Guidloader (uses, Family) · Published 24/10/2025 09:16 · Modified 24/10/2025 09:16
- FinalDraft (uses, Family) · Published 05/05/2026 14:07 · Modified 05/05/2026 14:07
- Squidoor (uses, Family) · Published 24/10/2025 09:16 · Modified 24/10/2025 09:16
- POISONPLUG.SHADOW (uses, Family) · Published 30/04/2026 19:11 · Modified 30/04/2026 19:11
- ShadowPad - S0596 (uses, Family) · Published 30/04/2026 19:11 · Modified 30/04/2026 19:11
- Pathloader (uses, Family) · Published 24/10/2025 09:16 · Modified 24/10/2025 09:16
Sectors (2)
- Government (targets)
- Technology (targets)
Countries (2)
- Taiwan (targets)
- Russian Federation (targets)
Indicators (25 / 26)