SilverFox, Mustang Panda, Amaranth-Dragon, Lotus Blossom, Shadow Campaigns, TripleX, ICARUS, The Gen
· Published 10/07/2026 09:32 · Modified 10/07/2026 09:34
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 10/07/2026 09:32
- Modified
- 10/07/2026 09:34
- Updated at
- 10/07/2026 09:34
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 22 attack patterns (mitre), 10 malware, 7 sectors, 7 countries, 29 indicators, 1 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Attack patterns (MITRE) (22)
-
T1082 usesSystem Information Discovery MITRE
-
T1547 usesBoot or Logon Autostart Execution MITRE
-
T1204 usesUser Execution MITRE
-
T1083 usesFile and Directory Discovery MITRE
-
T1566.001 usesSpearphishing Attachment MITRE
-
T1566.002 usesSpearphishing Link MITRE
-
T1574.002 uses
-
T1547.001 usesRegistry Run Keys / Startup Folder MITRE
-
T1555 usesCredentials from Password Stores MITRE
-
T1056 usesInput Capture MITRE
-
T1204.002 usesMalicious File MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
Malware (10)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ShadowGuard usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
LOTUSLITE usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Amaranth Loader usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
TGAmaranth RAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Chrysalis usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
RustSL usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ABCDoor usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
ValleyRAT usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
Havoc usesThe MITRE Corporation Confidence 100
[Havoc](https://attack.mitre.org/software/S1229) is an open-source post-exploitation command and control (C2) framework first released on GitHub in October 2022 by C5pider (Paul Ungur), who continues to maintain and develop it…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (7)
-
Government targets
-
Technology targets
-
Insurance targets
-
Telecommunications targets
-
Finance targets
-
Aerospace targets
-
Transportation targets
Countries (7)
-
India targets
-
Indonesia targets
-
Japan targets
-
British Indian Ocean Territory targets
-
Thailand targets
-
South Africa targets
-
Russian Federation targets
Indicators (29)
Vulnerabilities (CVE) (1)
8.8
High
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …
- Attack vector
- Network
- Published
- 12/08/2025
- Modified
- 27/05/2026