Storm-2460
Published 21/12/2025 12:50 · Modified 21/12/2025 12:50
Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 12:50
- Modified: 21/12/2025 12:50
- Updated at: 21/12/2025 12:50
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 2 reports, 31 attack patterns (MITRE), 2 malware, 4 sectors, 4 countries, 6 indicators, 3 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- 1 CVE, 18 MITRE attack patterns, 1 malware, 4 observables, 1 APT
- 9 MITRE attack patterns, 2 malware, 1 APT
Attack patterns (MITRE) (31)
- T1012 Query Registry
- T1486 Data Encrypted for Impact
- T1547.001 Registry Run Keys / Startup Folder
- T1095 Non-Application Layer Protocol
- T1059.001 PowerShell
- T1078 Valid Accounts
- T1068 Exploitation for Privilege Escalation
- T1132 Data Encoding
- T1490 Inhibit System Recovery
- T1055 Process Injection
- T1573 Encrypted Channel
- T1573.001 Symmetric Cryptography
Sectors (4)
- Retail
- Information Technologies Consulting
- Finance
- Construction
Countries (4)
- Saudi Arabia
- Venezuela, Bolivarian Republic of
- Spain
- United States of America
Indicators (6)
- uyhi3ypdkfeymyf5v35pbk3pz7st3zamsbjzf47jiqbcm3zmikpwf3qd.onion
- dc54117b965674bad3d7cd203ecf5e7fc822423a3f692895cf5e96e83fb88f6a
- http://aaaaabbbbbbb.eastus.cloudapp.azure.com:443
- 297ea881aa2b39461997baf75d83b390f2c36a9a0a4815c81b5cf8be42840fd1
- jbdg4buq6jd7ed3rd6cynqtq5abttuekjnxqrqyvk4xam5i7ld33jvqd.onion
- 4843429e2e8871847bc1e97a0f12fa1f4166baa4735dff585cb3b4736e3fe49e
Vulnerabilities (CVE) (3)
- CVE-2025-29814 (targets)
  Severity: 9.3 Critical
  Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
  - Attack vector: NETWORK
  - Published: 21/03/2025
  - Modified: 21/12/2025
- Severity: 7.0 High
  Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
  - Attack vector: Local
  - Published: 11/03/2025
  - Modified: 21/12/2025
- Severity: 7.8 High
  Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
  - Attack vector: Local
  - Published: 08/04/2025
  - Modified: 21/12/2025