Prometei
· Published 21/12/2025 08:03 · Modified 21/12/2025 08:03
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 08:03
- Modified: 21/12/2025 08:03
- Updated at: 21/12/2025 08:03
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 41 attack patterns (MITRE), 1 malware, 4 sectors, 2 countries, 34 indicators, 3 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3; titles not shown)
- Report 1: 3 CVEs, 13 MITRE attack patterns, 1 malware, 16 observables, 1 APT
- Report 2: 11 observables, 1 APT
- Report 3: 20 MITRE attack patterns, 1 malware, 1 APT
Attack patterns (MITRE) (41; 12 shown)
- T1573.001 Symmetric Cryptography
- T1588.003 Code Signing Certificates
- T1095 Non-Application Layer Protocol
- T1090.003 Multi-hop Proxy
- T1588.004 Digital Certificates
- T1105 Ingress Tool Transfer
- T1071.001 Web Protocols
- T1059.001 PowerShell
- T1573 Encrypted Channel
- T1132.001 Standard Encoding
- T1547.001 Registry Run Keys / Startup Folder
- T1090 Proxy
Malware (1)
- Prometei (family)
Sectors (4)
- Finance
- Technology
- Construction
- Government
Countries (2)
- Brazil
- Indonesia
Indicators (34; 12 shown)
- 103.91.90.182 (IPv4 address)
- a1b3e8de2855b274edd9e6f7d7798e3cefe1aae8697568d333e00979054ecf58 (SHA-256)
- 38fee2445532a4cf120226ff175e0fff55601cc36ff1b8eb7006c2b3f6955831 (SHA-256)
- Win32:MalwareX-gen [Trj] (AV detection name; indicator value not shown; STIX confidence 100/100; revoked; valid until 20/10/2025; source: AlienVault)
- Win32:MalwareX-gen [Trj] (second entry with the same detection name; indicator value not shown; STIX confidence 100/100; revoked; valid until 20/10/2025; source: AlienVault)
- 67279be56080b958b04a0f220c6244ea4725f34aa58cf46e5161cfa0af0a3fb0 (SHA-256)
- d21c878dcc169961bebda6e7712b46adf5ec3818cc9469debf1534ffa8d74fb7 (SHA-256)
- 8d6f833656638f8c1941244c0d1bc88d9a6b2622a4f06b1d5340eac522793321 (SHA-256)
- https://gb7ni5rgeexdcncj.onion/cgi-bin/prometei.cgi (URL; Tor onion service, consistent with the T1090.003 Multi-hop Proxy pattern listed above)
- c9fd9d54834f0a08597aa952e4265a25dcb248d552facd37cda967f32fc9cc7f (SHA-256)
- 23.248.230.26 (IPv4 address)
- SLF:MeterRefLoadApiHash (detection name; indicator value not shown; STIX confidence 100/100; revoked; valid until 20/10/2025; source: AlienVault)
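Added example (not code from AlienVault or from this portal): the indicator values shown above, classified by type and matched against a few constructed proxy log lines and file hashes. The key=value log format, the file paths, and the helper names are assumptions for the example; only the indicator values come from the page. URL indicators also contribute their host, so a proxy log that records only the Host header still matches the onion C2 endpoint.

```python
"""Hunt for the Prometei indicators listed on this page in constructed log data."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set
from urllib.parse import urlparse

# Indicator values copied from the page's Indicators list (those with a value shown).
PAGE_INDICATORS = [
    "103.91.90.182",
    "a1b3e8de2855b274edd9e6f7d7798e3cefe1aae8697568d333e00979054ecf58",
    "38fee2445532a4cf120226ff175e0fff55601cc36ff1b8eb7006c2b3f6955831",
    "67279be56080b958b04a0f220c6244ea4725f34aa58cf46e5161cfa0af0a3fb0",
    "d21c878dcc169961bebda6e7712b46adf5ec3818cc9469debf1534ffa8d74fb7",
    "8d6f833656638f8c1941244c0d1bc88d9a6b2622a4f06b1d5340eac522793321",
    "https://gb7ni5rgeexdcncj.onion/cgi-bin/prometei.cgi",
    "c9fd9d54834f0a08597aa952e4265a25dcb248d552facd37cda967f32fc9cc7f",
    "23.248.230.26",
]

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)


def classify(value: str) -> str:
    """Return the indicator type: sha256, ipv4, url or unknown."""
    if SHA256_RE.match(value):
        return "sha256"
    if IPV4_RE.match(value) and all(0 <= int(o) <= 255 for o in value.split(".")):
        return "ipv4"
    if URL_RE.match(value):
        return "url"
    return "unknown"


def build_index(indicators: Iterable[str]) -> Dict[str, Set[str]]:
    """Group indicators by type (lower-cased). URLs also add their host under
    the "host" key so Host-header-only proxy logs can still match."""
    index: Dict[str, Set[str]] = defaultdict(set)
    for ioc in indicators:
        kind = classify(ioc)
        index[kind].add(ioc.lower())
        if kind == "url":
            index["host"].add(urlparse(ioc).hostname.lower())
    return index


# Constructed key=value proxy log lines (assumed format, not from the page).
SAMPLE_PROXY_LOG = [
    "ts=2025-12-21T08:03:00Z src=10.0.0.5 dst=23.248.230.26 host=23.248.230.26 url=http://23.248.230.26/",
    "ts=2025-12-21T08:04:10Z src=10.0.0.7 dst=93.184.216.34 host=example.com url=https://example.com/",
    "ts=2025-12-21T08:05:42Z src=10.0.0.9 dst=127.0.0.1 host=gb7ni5rgeexdcncj.onion url=https://gb7ni5rgeexdcncj.onion/cgi-bin/prometei.cgi",
]

# Constructed path -> SHA-256 inventory (paths are assumptions; one hash is from the page, upper-cased on purpose).
SAMPLE_FILE_HASHES = {
    r"C:\Users\Public\updater.exe": "D21C878DCC169961BEBDA6E7712B46ADF5EC3818CC9469DEBF1534FFA8D74FB7",
    r"C:\Windows\System32\notepad.exe": "0" * 64,
}

KV_RE = re.compile(r"(\w+)=(\S+)")


def scan_proxy_log(lines: Iterable[str], index: Dict[str, Set[str]]) -> List[dict]:
    """Return one hit per log line whose dst, host or url matches an indicator."""
    hits = []
    for line in lines:
        fields = dict(KV_RE.findall(line))
        matched = []
        if fields.get("dst", "").lower() in index["ipv4"]:
            matched.append("dst ip")
        if fields.get("host", "").lower() in index["host"]:
            matched.append("c2 host")
        if fields.get("url", "").lower() in index["url"]:
            matched.append("c2 url")
        if matched:
            hits.append({"src": fields.get("src"), "matched": matched, "line": line})
    return hits


def scan_file_hashes(hashes: Dict[str, str], index: Dict[str, Set[str]]) -> List[str]:
    """Return the paths whose SHA-256 (case-insensitive) is a listed indicator."""
    return [path for path, digest in hashes.items() if digest.lower() in index["sha256"]]


if __name__ == "__main__":
    idx = build_index(PAGE_INDICATORS)
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, idx):
        print(hit["src"], hit["matched"])
    print(scan_file_hashes(SAMPLE_FILE_HASHES, idx))
```

The onion hit is the one to treat as high-signal: a workstation resolving a .onion host through a local SOCKS proxy (dst 127.0.0.1 in the constructed line) is itself worth an alert, independent of the exact URL.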
Vulnerabilities (CVE) (3; CVE identifiers not shown)
- 9.8 Critical: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. Attack vector: NETWORK; Complexity: LOW; Published 29/01/2026; Modified 10/04/2026.
- 9.8 Critical: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, … Attack vector: NETWORK; Published 28/01/2026; Modified 09/02/2026.
- 9.8 Critical: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. Attack vector: NETWORK; Published 29/01/2026; Modified 27/03/2026.