Prometei
Published 21/12/2025 08:03 · Modified 21/12/2025 08:03 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 08:03
- Modified: 21/12/2025 08:03
- Updated at: 21/12/2025 08:03
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 41 attack patterns (MITRE), 1 malware, 4 sectors, 2 countries, 34 indicators, 3 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- 3 CVEs, 13 MITREs, 1 Malware, 16 Observables, 1 APT
- 11 Observables, 1 APT
- 20 MITREs, 1 Malware, 1 APT
Attack patterns (MITRE) (41)
- T1573.001 Symmetric Cryptography (uses)
- T1588.003 Code Signing Certificates
- T1095 Non-Application Layer Protocol (uses)
- T1090.003 Multi-hop Proxy (uses)
- T1588.004 Digital Certificates (uses)
- T1105 Ingress Tool Transfer (uses)
- T1071.001 Web Protocols (uses)
- T1059.001 PowerShell (uses)
- T1573 Encrypted Channel (uses)
- T1132.001 Standard Encoding (uses)
- T1547.001 Registry Run Keys / Startup Folder (uses)
- T1090 Proxy (uses)
Malware (1)
- Prometei (uses), type: Family
Sectors (4)
- Finance (targets)
- Technology (targets)
- Construction (targets)
- Government (targets)
Countries (2)
- Brazil (targets)
- Indonesia (targets)
Indicators (34)
- e5819085c1d8bf668ca0737f6d288bd1d5d3ede5658c11be0c51a6c48fb0f60d (indicates)
- d4566c778c2c35e6162a8e65bb297c3522dd481946b81baffc15bb7d7a4fe531 (indicates)
- 33f4cbf0292c4e957f894269d2d9411fed7ed9b2be4c858ac20418ee36a8b595 (indicates)
- c5f76cb93d2f3fd68b46c6ae8e5ca98d3b58eca0964025ef67af109cecf60c49 (indicates)
  STIX, confidence 100/100, Revoked · Valid until 20/10/2025 · Source: AlienVault
- 205c2a562bb393a13265c8300f5f7e46d3a1aabe057cb0b53d8df92958500867 (indicates)
  STIX, confidence 100/100, detection name HackTool:Win32/Mimikatz.A!dha · Valid until 05/02/2027 · Source: AlienVault
- c0f71e86d71f799ef6fc493e85bf1db5b1202b8ead301718d55544e8151cb4c2 (indicates)
- cc7ab872ed9c25d4346b4c58c5ef8ea48c2d7b256f20fe2f0912572208df5c1a (indicates)
- b1d893c8a65094349f9033773a845137e9a1b4fa9b1f57bdb57755a2a2dcb708 (indicates)
- 9a6f5a55f5048bd8b0c80fd6da979fc6d7b5e589c7e65ad1c21c861b87855151 (indicates)
Vulnerabilities (CVE) (3)
- 9.8 Critical: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
  - Attack vector: NETWORK
  - Complexity: LOW
  - Published: 29/01/2026
  - Modified: 10/04/2026
- 9.8 Critical: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, …
  - Attack vector: NETWORK
  - Published: 28/01/2026
  - Modified: 09/02/2026
- 9.8 Critical: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
  - Attack vector: NETWORK
  - Published: 29/01/2026
  - Modified: 27/03/2026