medusa
Essential information
- Confidence
- 100/100
- Published
- 20/12/2025 08:55
- Modified
- 21/12/2025 07:18
- Updated at
- 21/12/2025 07:18
- Revoked
- No
- Author / Source
- Ransomware.Live
- Resource level
- —
- Primary motivation
- —
- Related entities
- 2 reports, 25 attack patterns (mitre), 4 malware, 8 sectors, 14 countries, 56 indicators, 1 vulnerabilities (cve), 6 organization
Description
Marking (TLP)
TLP:CLEAR
Labels
ransomware
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
-
1 CVE 11 MITREs 1 Malware 11 Observables 1 APT
-
8 MITREs 2 Malwares 50 Observables 1 APT
Malware (4)
-
Medusa usesThe MITRE Corporation Confidence 100
[MEDUSA](https://attack.mitre.org/software/S1220) is an open-source rootkit that is capable of dynamic linker hijacking, command execution, and logging credentials.(Citation: Google Cloud Mandiant UNC3886 2024)
First seen 01/01/1970 · Last seen 16/11/5138 · -
Medusa Ransomware usesFamily The MITRE Corporation Confidence 100
[Medusa Ransomware](https://attack.mitre.org/software/S1244) has been utilized in attacks since at least 2021. [Medusa Ransomware](https://attack.mitre.org/software/S1244) has been known to be utilized in conjunction with living off the land techniques and…
First seen 01/01/1970 · Last seen 16/11/5138 · -
TangleBot usesFamily The MITRE Corporation Confidence 100
[TangleBot](https://attack.mitre.org/software/S1069) is SMS malware that was initially observed in September 2021, primarily targeting mobile users in the United States and Canada. [TangleBot](https://attack.mitre.org/software/S1069) has used SMS text message lures…
First seen 01/01/1970 · Last seen 16/11/5138 · -
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (8)
-
Agriculture Food Production targets
-
Public Sector targets
-
Healthcare targets
-
Finance targets
-
Technology targets
-
Manufacturing targets
-
Education targets
-
Government targets
Countries (14)
-
Australia targets
-
Indonesia targets
-
India targets
-
United Arab Emirates targets
-
United States of America targets
-
British Indian Ocean Territory targets
-
France targets
-
Canada targets
-
Portugal targets
-
United Kingdom of Great Britain and Northern Ireland targets
-
Spain targets
-
Italy targets
Indicators (56)
-
stix 100/100 Revoked· Valid until 29/09/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/09/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/09/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/09/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/09/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/09/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/09/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 29/09/2025 · Source: AlienVault
Vulnerabilities (CVE) (1)
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
- Attack vector
- Network
- Published
- 25/03/2024
- Modified
- 21/12/2025
Organization (6)
-
Sampoerna Agro targets
-
Resource Corporation of America targets
-
Callipo Group targets
-
Shamrock Technologies targets
-
Thunder Bay Counselling targets
-
JBS targets