puNK-003
· Published 21/12/2025 06:39 · Modified 21/12/2025 06:39
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 06:39
- Modified: 21/12/2025 06:39
- Updated at: 21/12/2025 06:39
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 13 attack patterns (MITRE), 1 malware, 30 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 13 MITREs, 1 Malware, 33 Observables, 1 APT
Attack patterns (MITRE) (13)
- T1105 (uses): Ingress Tool Transfer
- T1059.003 (uses): Windows Command Shell
- T1041 (uses): Exfiltration Over C2 Channel
- T1204.002 (uses): Malicious File
- T1547.001 (uses): Registry Run Keys / Startup Folder
- T1059.001 (uses): PowerShell
- T1571 (uses): Non-Standard Port
- T1518.001 (uses): Security Software Discovery
- T1564.001 (uses): Hidden Files and Directories
- T1564.003 (uses): Hidden Window
- T1053.005 (uses): Scheduled Task
- T1539 (uses): Steal Web Session Cookie
Malware (1)
- Lilith RAT (uses; Family)
Indicators (30)