REF4526
· Published 20/12/2025 22:37 · Modified 20/12/2025 22:37
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 20/12/2025 22:37
- Modified: 20/12/2025 22:37
- Updated at: 20/12/2025 22:37
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 14 attack patterns (mitre), 3 malware, 11 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Attack patterns (MITRE) (14)
- T1027 uses Obfuscated Files or Information
- T1218.004 uses InstallUtil
- T1583 uses Acquire Infrastructure
- T1059.001 uses PowerShell
- T1104 uses Multi-Stage Channels
- T1608.001 uses Upload Malware
- T1140 uses Deobfuscate/Decode Files or Information
- T1056 uses Input Capture
- T1036 uses Masquerading
- T1059 uses Command and Scripting Interpreter
- TA0002 uses
- T1059.005 uses Visual Basic
- T1547.001 uses Registry Run Keys / Startup Folder
- T1498 uses Network Denial of Service
Malware (3)
Indicators (11)