Prometei
· Published 21/12/2025 08:03 · Modified 21/12/2025 08:03
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 08:03
- Modified: 21/12/2025 08:03
- Updated at: 21/12/2025 08:03
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 41 attack patterns (MITRE), 1 malware, 4 sectors, 2 countries, 34 indicators, 3 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- 3 CVEs, 13 MITREs, 1 Malware, 16 Observables, 1 APT
- 11 Observables, 1 APT
- 20 MITREs, 1 Malware, 1 APT
Attack patterns (MITRE) (41)
- T1573.001 Symmetric Cryptography (uses)
- T1588.003
- T1095 Non-Application Layer Protocol (uses)
- T1090.003 Multi-hop Proxy (uses)
- T1588.004 Digital Certificates (uses)
- T1105 Ingress Tool Transfer (uses)
- T1071.001 Web Protocols (uses)
- T1059.001 PowerShell (uses)
- T1573 Encrypted Channel (uses)
- T1132.001 Standard Encoding (uses)
- T1547.001 Registry Run Keys / Startup Folder (uses)
- T1090 Proxy (uses)
Malware (1)
- Prometei (Family, uses)
Sectors (4)
- Finance (targets)
- Technology (targets)
- Construction (targets)
- Government (targets)
Countries (2)
- Brazil (targets)
- Indonesia (targets)
Indicators (34)
Vulnerabilities (CVE) (3)
- 9.8 Critical: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
  - Attack vector: NETWORK
  - Complexity: LOW
  - Published: 29/01/2026
  - Modified: 10/04/2026
- 9.8 Critical: SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, …
  - Attack vector: NETWORK
  - Published: 28/01/2026
  - Modified: 09/02/2026
- 9.8 Critical: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
  - Attack vector: NETWORK
  - Published: 29/01/2026
  - Modified: 27/03/2026