216.73.217.22

LilacSquid

· Published 21/12/2025 05:07 · Modified 21/12/2025 05:07 · Source: AlienVault

Essential information

Confidence
100/100
Published
21/12/2025 05:07
Modified
21/12/2025 05:07
Updated at
21/12/2025 05:07
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
2 reports, 35 attack patterns (mitre), 4 malware, 3 sectors, 2 countries, 9 indicators

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (2)

Attack patterns (MITRE) (35)

  • T1086 uses
  • T1127 uses
    Trusted Developer Utilities Proxy Execution
  • T1567 uses
    Exfiltration Over Web Service
  • T1041 uses
    Exfiltration Over C2 Channel
  • Exploitation for Defense Evasion uses
    T1211
  • T1008 uses
    Fallback Channels
  • T1190 uses
    Exploit Public-Facing Application
  • T1518 uses
    Software Discovery
  • T1057 uses
    Process Discovery
  • T1068 uses
    Exploitation for Privilege Escalation
  • T1059 uses
    Command and Scripting Interpreter
  • T1005 uses
    Data from Local System
  • T1543 uses
    Create or Modify System Process
  • T1105 uses
    Ingress Tool Transfer
  • T1547 uses
    Boot or Logon Autostart Execution
  • T1095 uses
    Non-Application Layer Protocol
  • T1070 uses
    Indicator Removal
  • T1043 uses
    Commonly Used Port
  • T1087 uses
    Account Discovery
  • T1012 uses
    Query Registry
  • T1083 uses
    File and Directory Discovery
  • System Script Proxy Execution uses
    T1216
  • T1055 uses
    Process Injection
  • T1021 uses
    Remote Services
  • T1082 uses
    System Information Discovery
  • T1132 uses
    Data Encoding
  • T1219 uses
    Remote Access Tools
  • T1574 uses
    Hijack Execution Flow
  • T1027 uses
    Obfuscated Files or Information
  • T1053 uses
    Scheduled Task/Job
  • T1048 uses
    Exfiltration Over Alternative Protocol
  • T1078 uses
    Valid Accounts
  • T1490 uses
    Inhibit System Recovery
  • T1033 uses
    System Owner/User Discovery
  • T1064 uses
    Scripting

Malware (4)

  • PurpleInk uses
    Family
    Published 30/05/2024 15:12 · Modified 30/05/2024 15:12
  • MeshAgent uses
    Family
    Published 02/09/2025 08:34 · Modified 02/09/2025 08:34
  • InkLoader uses
    Family
    Published 30/05/2024 15:12 · Modified 30/05/2024 15:12
  • InkBox uses
    Family
    Published 30/05/2024 15:12 · Modified 30/05/2024 15:12

Sectors (3)

  • Pharmacy and drugs manufacturing targets
  • Energy targets
  • Technology targets

Countries (2)

  • Israel targets
  • United States of America targets

Indicators (9)

  • http://api.gupdate.net:443/agent.ashx indicates
  • 1134af27bea8518c62444a56f4bd4bcc95db40a9bb6132688cf31515da08b9aa indicates
  • 460acbb38b0bdb3d227de65010b1a323f448ec196860ce4979c0b8314763eb56 indicates
  • MeshAgent_Config indicates
  • MeshAgent_ELF indicates
  • 3840acb15880f6cb0a77347d4a3893c5a3fbfcc2167bd5e3f86e2ce0f7cdbf19 indicates
  • 2eb9c6722139e821c2fe8314b356880be70f3d19d8d2ba530adc9f466ffc67d8 indicates
  • api.gupdate.net indicates
  • gupdate.net indicates