Static Tundra
· Published 21/12/2025 15:47 · Modified 21/12/2025 15:47
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 15:47
- Modified
- 21/12/2025 15:47
- Updated at
- 21/12/2025 15:47
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 2 reports, 27 attack patterns (mitre), 6 malware, 4 sectors, 3 countries, 26 indicators, 1 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
-
AlienVault Confidence 100 4 Malwares 21 IOCs 21 Observables 1 APT· threat-report
-
2 Malwares 1 APT
Attack patterns (MITRE) (27)
Malware (6)
Sectors (4)
-
Manufacturing targets
-
Energy targets
-
Technology targets
-
Government targets
Countries (3)
-
Russian Federation targets
-
Japan targets
-
Poland targets
Indicators (26)
-
159.69.50.242indicatesstix 100/100 Revoked· Valid until 24/05/2026 · Source: AlienVault -
194.61.121.178indicatesstix 100/100 Revoked· Valid until 24/05/2026 · Source: AlienVault -
stix 100/100
ConventionEngine_Term_Users SHA256 of 69ede7e341fd26fa0577692b601d80cb44778d93
· Valid until 29/01/2027 · Source: AlienVault -
31.172.71.5indicatesstix 100/100 Revoked· Valid until 23/02/2026 · Source: AlienVault -
stix 100/100· Valid until 26/04/2027 · Source: AlienVault
-
http://31.172.71.5:8008indicatesstix 100/100 Revoked· Valid until 29/05/2026 · Source: AlienVault -
http://31.172.71.5:44445/TCPindicatesstix 100/100 Revoked· Valid until 29/05/2026 · Source: AlienVault -
47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8caindicates -
stix 100/100
ConventionEngine_Term_Users SHA256 of 86596a5c5b05a8bfbd14876de7404702f7d0d61b
· Valid until 29/01/2027 · Source: AlienVault -
185.200.177.10indicatesstix 100/100 Revoked· Valid until 24/05/2026 · Source: AlienVault -
stix 100/100
CoinMiner
· Valid until 21/07/2026 · Source: AlienVault -
stix 100/100 Revoked
Trojan:Win32/CoinMiner.AQ
· Valid until 28/09/2025 · Source: AlienVault
Vulnerabilities (CVE) (1)
9.8
Critical
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected …
- Attack vector
- NETWORK
- Published
- 03/11/2021
- Modified
- 14/01/2026