Storm-2460
Published 21/12/2025 12:50 · Modified 21/12/2025 12:50 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 12:50
- Modified: 21/12/2025 12:50
- Updated at: 21/12/2025 12:50
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 2 reports, 31 attack patterns (MITRE), 2 malware, 4 sectors, 4 countries, 6 indicators, 3 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- Report: 1 CVE, 18 MITRE attack patterns, 1 malware, 4 observables, 1 APT
- Report: 9 MITRE attack patterns, 2 malware, 1 APT
Attack patterns (MITRE) (31)
- uses T1070.001 Clear Windows Event Logs (MITRE)
- uses T1027 Obfuscated Files or Information (MITRE)
- uses T1102 Web Service (MITRE)
- uses T1571 Non-Standard Port (MITRE)
- uses T1016 System Network Configuration Discovery (MITRE)
- uses T1003 OS Credential Dumping (MITRE)
- uses T1090 Proxy (MITRE)
- uses T1543.003 Windows Service (MITRE)
- uses T1082 System Information Discovery (MITRE)
- uses T1106 Native API (MITRE)
- uses T1505.003 Web Shell (MITRE)
- uses T1083 File and Directory Discovery (MITRE)
Sectors (4)
- targets Retail
- targets Information Technologies Consulting
- targets Finance
- targets Construction
Countries (4)
- targets Saudi Arabia
- targets Venezuela, Bolivarian Republic of
- targets Spain
- targets United States of America
Indicators (6)
- indicates: uyhi3ypdkfeymyf5v35pbk3pz7st3zamsbjzf47jiqbcm3zmikpwf3qd.onion (Tor v3 onion address)
- indicates: dc54117b965674bad3d7cd203ecf5e7fc822423a3f692895cf5e96e83fb88f6a (SHA-256)
- indicates: http://aaaaabbbbbbb.eastus.cloudapp.azure.com:443 (URL; plaintext HTTP scheme on port 443)
- indicates: 297ea881aa2b39461997baf75d83b390f2c36a9a0a4815c81b5cf8be42840fd1 (SHA-256)
- indicates: jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion (Tor v3 onion address)
- indicates: 4843429e2e8871847bc1e97a0f12fa1f4166baa4735dff585cb3b4736e3fe49e (SHA-256)
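The six indicators above are of three different kinds (two Tor v3 onion addresses, three SHA-256 hashes, one URL), and the URL carries a plaintext HTTP scheme on port 443, which is the pattern the listed T1571 Non-Standard Port technique describes. The script below is an added example, not code from AlienVault or from this platform: it types and normalizes the page's indicator values, flags the scheme/port mismatch, and then matches the normalized values against a few constructed log lines (a Sysmon-style process-creation record with an upper-case hash, a proxy CONNECT line, a Tor client invocation). The log lines, hostnames and timestamps in `SAMPLE_LOG` are made up for the example; only the indicator values come from the page.

```python
"""IOC triage for the Storm-2460 indicator list (added example, not the platform's code)."""
import re
from urllib.parse import urlsplit

# Indicator values exactly as listed on the page ("indicates" relationship).
PAGE_INDICATORS = [
    "uyhi3ypdkfeymyf5v35pbk3pz7st3zamsbjzf47jiqbcm3zmikpwf3qd.onion",
    "dc54117b965674bad3d7cd203ecf5e7fc822423a3f692895cf5e96e83fb88f6a",
    "http://aaaaabbbbbbb.eastus.cloudapp.azure.com:443",
    "297ea881aa2b39461997baf75d83b390f2c36a9a0a4815c81b5cf8be42840fd1",
    "jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion",
    "4843429e2e8871847bc1e97a0f12fa1f4166baa4735dff585cb3b4736e3fe49e",
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
# Tor v3 onion service: 56 base32 characters followed by ".onion".
ONION_V3_RE = re.compile(r"^[a-z2-7]{56}\.onion$")
# 64 hex characters delimited by non-word characters, as in "SHA256=<hash>".
HEX64_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DEFAULT_PORT = {"http": 80, "https": 443}


def classify(raw: str) -> dict:
    """Normalize one indicator and label its type.

    URLs are additionally split into host and port so that a proxy log,
    which records "host:port" rather than a full URL, can still be matched.
    """
    value = raw.strip().lower()
    if SHA256_RE.match(value):
        return {"type": "sha256", "value": value}
    if ONION_V3_RE.match(value):
        return {"type": "onion", "value": value, "host": value}
    if "://" in value:
        parts = urlsplit(value)
        port = parts.port  # only an explicit port; None if the URL has none
        expected = DEFAULT_PORT.get(parts.scheme)
        return {
            "type": "url",
            "value": value,
            "host": parts.hostname,
            "port": port,
            # Scheme says one port, URL uses another: T1571-style mismatch.
            "nonstandard_port": port is not None and port != expected,
        }
    return {"type": "unknown", "value": value}


def build_lookup(indicators):
    """Bucket normalized indicators into the two things we match on: hashes and hosts."""
    lookup = {"sha256": set(), "host": set()}
    for ioc in map(classify, indicators):
        if ioc["type"] == "sha256":
            lookup["sha256"].add(ioc["value"])
        elif ioc.get("host"):
            lookup["host"].add(ioc["host"])
    return lookup


def scan_log(lines, lookup):
    """Return (line_no, kind, value) for every indicator hit in the given lines."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for token in HEX64_RE.findall(line):
            if token.lower() in lookup["sha256"]:
                hits.append((line_no, "sha256", token.lower()))
        lowered = line.lower()
        for host in lookup["host"]:
            # Whole-host match: reject "evil-<host>" prefixes and "<host>2" suffixes.
            pattern = r"(?<![a-z0-9.-])" + re.escape(host) + r"(?![a-z0-9-])"
            if re.search(pattern, lowered):
                hits.append((line_no, "host", host))
    return hits


# Constructed sample log lines for the example; not real telemetry.
SAMPLE_LOG = [
    "2025-12-21T09:14:02Z host01 Sysmon ProcessCreate Image=C:\\Users\\Public\\svc.exe "
    "Hashes=SHA256=DC54117B965674BAD3D7CD203ECF5E7FC822423A3F692895CF5E96E83FB88F6A",
    "2025-12-21T09:15:40Z proxy01 CONNECT aaaaabbbbbbb.eastus.cloudapp.azure.com:443 user=jdoe bytes=18231",
    "2025-12-21T09:16:11Z host01 Sysmon ProcessCreate Image=C:\\Windows\\System32\\notepad.exe "
    "Hashes=SHA256=" + "0" * 64,
    "2025-12-21T09:17:03Z host02 curl --socks5-hostname 127.0.0.1:9050 "
    "http://uyhi3ypdkfeymyf5v35pbk3pz7st3zamsbjzf47jiqbcm3zmikpwf3qd.onion/",
]


if __name__ == "__main__":
    for ioc in map(classify, PAGE_INDICATORS):
        print(ioc)
    for hit in scan_log(SAMPLE_LOG, build_lookup(PAGE_INDICATORS)):
        print("HIT", hit)
```

Matching the URL indicator on its hostname rather than the full string is deliberate: the only place the exact `http://...:443` form would appear is an HTTP access log, while the same host shows up in proxy CONNECT lines and DNS logs. The `eastus.cloudapp.azure.com` suffix is Azure's public DNS label for a customer VM, so the host is only as durable as that VM allocation; treat it as a dated indicator and prefer the hashes and onion addresses for longer-lived detections.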
Vulnerabilities (CVE) (3)
- CVE-2025-29814 (targets) · CVSS 9.3 Critical
  Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
  Attack vector: Network · Published 21/03/2025 · Modified 21/12/2025
- CVSS 7.0 High
  Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
  Attack vector: Local · Published 11/03/2025 · Modified 21/12/2025
- CVSS 7.8 High
  Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
  Attack vector: Local · Published 08/04/2025 · Modified 21/12/2025