Static Tundra
· Published 21/12/2025 15:47 · Modified 21/12/2025 15:47
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 15:47
- Modified
- 21/12/2025 15:47
- Updated at
- 21/12/2025 15:47
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 2 reports, 27 attack patterns (mitre), 6 malware, 4 sectors, 3 countries, 26 indicators, 1 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
-
AlienVault Confidence 100 4 Malwares 21 IOCs 21 Observables 1 APT
-
2 Malwares 1 APT
Attack patterns (MITRE) (27)
-
T1012 usesQuery Registry MITRE
-
T1568 usesDynamic Resolution MITRE
-
T1584 usesCompromise Infrastructure MITRE
-
T1016 usesSystem Network Configuration Discovery MITRE
-
T1124 usesSystem Time Discovery MITRE
-
T1057 usesProcess Discovery MITRE
-
T1078 usesValid Accounts MITRE
-
T1133 usesExternal Remote Services MITRE
-
T1071 usesApplication Layer Protocol MITRE
-
T1505.003 usesWeb Shell MITRE
-
T1105 usesIngress Tool Transfer MITRE
-
T1573 usesEncrypted Channel MITRE
Malware (6)
Sectors (4)
-
Manufacturing targets
-
Energy targets
-
Technology targets
-
Government targets
Countries (3)
-
Russian Federation targets
-
Japan targets
-
Poland targets
Indicators (26)
-
stix 100/100
SHA256 of 4ec3c90846af6b79ee1a5188eefa3fd21f6d4cf6
· Valid until 29/01/2027 · Source: AlienVault -
http://31.172.71.5:50443indicatesstix 100/100 Revoked· Valid until 29/05/2026 · Source: AlienVault -
stix 100/100· Valid until 18/08/2026 · Source: AlienVault
-
stix 100/100 Revoked
CoinMiner
· Valid until 02/12/2025 · Source: AlienVault -
http://31.172.71.5:8008/TCPindicatesstix 100/100 Revoked· Valid until 29/05/2026 · Source: AlienVault -
stix 100/100· Valid until 26/04/2027 · Source: AlienVault
-
http://31.172.71.5:50443/TCPindicatesstix 100/100 Revoked· Valid until 29/05/2026 · Source: AlienVault -
stix 100/100· Valid until 26/04/2027 · Source: AlienVault
-
stix 100/100· Valid until 26/04/2027 · Source: AlienVault
Vulnerabilities (CVE) (1)
9.8
Critical
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected …
- Attack vector
- NETWORK
- Published
- 03/11/2021
- Modified
- 14/01/2026