Storm-0249
· Published 21/12/2025 13:18 · Modified 21/12/2025 13:18
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 13:18
- Modified: 21/12/2025 13:18
- Updated at: 21/12/2025 13:18
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 2 reports, 22 attack patterns (MITRE), 5 malware, 4 sectors, 1 country, 27 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- 8 MITREs · 3 Observables · 1 APT · Published 10/12/2025 09:17 · Modified 21/12/2025 18:53
- 15 MITREs · 5 Malwares · 1 APT · Published 03/04/2025 17:19 · Modified 03/04/2025 19:05
Attack patterns (MITRE) (22)
- T1568.002 · uses · Domain Generation Algorithms
- T1132 · uses · Data Encoding
- T1102 · uses · Web Service
- T1059.001 · uses · PowerShell
- T1192 · uses
- T1566 · uses · Phishing
- T1218 · uses · System Binary Proxy Execution
- T1059 · uses · Command and Scripting Interpreter
- T1082 · uses · System Information Discovery
- T1027 · uses · Obfuscated Files or Information
- T1566.001 · uses · Spearphishing Attachment
- T1547 · uses · Boot or Logon Autostart Execution
- T1036 · uses · Masquerading
- T1056 · uses · Input Capture
- T1574.002 · uses
- T1204 · uses · User Execution
- T1057 · uses · Process Discovery
- T1553 · uses · Subvert Trust Controls
- T1113 · uses · Screen Capture
- T1573 · uses · Encrypted Channel
- T1071 · uses · Application Layer Protocol
- T1203 · uses · Exploitation for Client Execution
Malware (5)
- Remcos · uses · Family · Published 05/05/2026 18:45 · Modified 05/05/2026 18:45
- Latrodectus · uses · Family · Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
- AHKBot · uses · Family · Published 15/04/2025 20:46 · Modified 15/04/2025 20:46
- BruteRatel C4 · uses · Family · Published 15/04/2025 20:46 · Modified 15/04/2025 20:46
- GuLoader - S0561 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 19:36 · Modified 20/12/2025 22:27
Sectors (4)
- Information Technologies Consulting · targets
- Engineering consulting · targets
- Finance · targets
- Consulting · targets
Countries (1)
- United States of America · targets
Indicators (27)
- 9bffe9add38808b3f6021e6d07084a06300347dd5d4b7e159d97e949735cff1e · indicates
- royalegroupnyc.com · indicates
- slgndocline.onlxtg.com · indicates
- hareddocumentso365cloudauthstorage.com · indicates
- shareddocumentso365cloudauthstorage.com · indicates
- https://www.morado.io/blog-posts/understanding-raccoono365-phishing-as-a-service · indicates
- a1b4db93eb72a520878ad338d66313fbaeab3634000fb7c69b1c34c9f3e17727 · indicates
- 3c482415979debc041d7e4c41a8f1a35ca0850b9e392fecbdef3d3bc0ac69960 · indicates
- hristomasitomasdf.com · indicates
- sgcipl.com · indicates
- a31ea11c98a398f4709d52e202f3f2d1698569b7b6878572fc891b8de56e1ff7 · indicates
- proliforetka.com · indicates
- 9728b7c73ef25566cba2599cb86d87c360db7cafec003616f09ef70962f0f6fc · indicates
- porelinofigoventa.com · indicates
- 178.16.52.145 · indicates
- muuxxu.com · indicates
- 165896fb5761596c6f6d80323e4b5804e4ad448370ceaf9b525db30b2452f7f5 · indicates
- 10910179af37ba38786f5a1b59d4dd1c43b6aa512850bbd47fb0feb965b2eb5c · indicates
- newsbloger1.duckdns.org · indicates
- 8113fc3b4f82fb49f8dd853ca8e1275e0dfb06e48f39830708e4437fe8afbdfb · indicates
- https://rosenbaum.live/bars.php · indicates
- krivomadogolyhp.com · indicates
- rosenbaum.live · indicates
- 4d5839d70f16e8f4f7980d0ae1758bb5a88b061fd723ea4bf32b4b474c222bec · indicates
- 0b22a0d84afb8bc4426ac3882a5ecd2e93818a2ea62d4d5cbae36d942552a36a · indicates
- bb3b6262a288610df46f785c57d7f1fa0ebc75178c625eaabf087c7ec3fccb6a · indicates
- eboxsystems.com · indicates