Storm-2603

Search IOCs, vulnerabilities, APT…

216.73.217.22

← Back to intrusion sets

· Published 21/12/2025 15:15 · Modified 21/12/2025 15:15 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 15:15
Modified: 21/12/2025 15:15
Updated at: 21/12/2025 15:15
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 5 reports, 41 attack patterns (mitre), 10 malware, 4 sectors, 7 countries, 55 indicators, 14 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (5)

Storm-2603 Exploits CVE-2026-23760 to Stage Warlock Ransomware

2 CVEs 9 MITREs 1 Malware 3 Observables 1 APT
Warlock Ransomware: Old Actor, New Tricks?

15 MITREs 4 Malwares 1 APT
Velociraptor leveraged in ransomware attacks

1 CVE 5 Malwares 5 Observables 1 APT
Project AK47: Uncovering a Link to the SharePoint …

11 CVEs 19 MITREs 5 Malwares 27 Observables 1 APT
Exploring Storm-2603's Previous Ransomware Operations

4 CVEs 4 MITREs 2 Malwares 25 Observables 1 APT

Attack patterns (MITRE) (41)

T1106 uses

Native API MITRE
T1046 uses

Network Service Discovery MITRE
T1571 uses

Non-Standard Port MITRE
T1036 uses

Masquerading MITRE
T1547 uses

Boot or Logon Autostart Execution MITRE
T1083 uses

File and Directory Discovery MITRE
T1550 uses

Use Alternate Authentication Material MITRE
T1218.007 uses

Msiexec MITRE
T1543 uses

Create or Modify System Process MITRE
T1505 uses

Server Software Component MITRE
T1071.004 uses

DNS MITRE
T1059 uses

Command and Scripting Interpreter MITRE

← Previous

Page / 4

1–12 of 41

Babuk - S0638 uses

Family
Babyk uses

Family
AK47C2 uses

Family
Anylock uses

Family
AK47 ransomware uses

Family
LockBit uses

Family
X2ANYLOCK uses

Family
CatB uses

Family
LockBit Black uses

Family
Warlock uses

Family

Sectors (4)

Technology targets
Engineering consulting targets
Government targets
Healthcare targets

Countries (7)

British Indian Ocean Territory targets
Brazil targets
Taiwan targets
United States of America targets
India targets
Japan targets
Russian Federation targets

Indicators (55)

updatemicfosoft.com indicates

stix 100/100 Revoked

· Valid until 27/12/2025 · Source: AlienVault
6feb5361fd3abd3a7a733c30bfcc2b58fc774ac6aa91a468ce2e31dcffc9d4de indicates

stix 100/100

· Valid until 19/10/2026 · Source: AlienVault
a919844f8f5e6655fd465be0cc0223946807dd324fcfe4ee93e9f0e6d607061e indicates

stix 100/100

· Valid until 02/08/2026 · Source: AlienVault
011b31d7e12a2403507a71deb33335d0e81f626d08ff68575a298edac45df4cb indicates

stix 100/100

· Valid until 28/07/2026 · Source: AlienVault
649bdaa38e60ede6d140bd54ca5412f1091186a803d3905465219053393f6421 indicates

stix 100/100

· Valid until 05/10/2026 · Source: AlienVault
c27b725ff66fdfb11dd6487a3815d1d1eba89d61b0e919e4d06ed3ac6a74fe94 indicates

stix 100/100

· Valid until 28/07/2026 · Source: AlienVault
update.updatemicfosoft.com indicates

stix 100/100

· Valid until 06/07/2026 · Source: AlienVault
c74897b1e986e2876873abb3b5069bf1b103667f7f0e6b4581fbda3fd647a74a indicates

stix 100/100 Revoked

· Valid until 24/10/2025 · Source: AlienVault
abb0fa128d3a75e69b59fe0391c1158eb84a799ddb0abc55d2d6be3511ef0ea1 indicates

stix 100/100

· Valid until 28/07/2026 · Source: AlienVault
24480dbe306597da1ba393b6e30d542673066f98826cc07ac4b9033137f37dbf indicates

stix 100/100

ConventionEngine_Term_Desktop

· Valid until 28/07/2026 · Source: AlienVault
a29125333ad72138d299cc9ef09718ddb417c3485f6b8fe05ba88a08bb0e5023 indicates

stix 100/100

· Valid until 05/10/2026 · Source: AlienVault
9f2434d5f8d042323cc7964520d99bda661bb23ce505cb03c8a07758bc9397a6 indicates

stix 100/100

· Valid until 19/10/2026 · Source: AlienVault

← Previous

Page / 5

1–12 of 55

Vulnerabilities (CVE) (14)

CVE-2024-1182 targets

7.0 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector: LOCAL
Complexity: High
Published: 04/07/2024
Modified: 08/04/2026

CWE-427 Received

CVE-2024-53870 targets

3.3 Low

NVIDIA CUDA toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a user could cause an out-of-bounds read by …

Attack vector: LOCAL
Published: 25/02/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2024-7587 targets

7.8 High

Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric …

Attack vector: Local
Published: 23/10/2024
Modified: 09/01/2026

Analyzed

CVE-2026-23760 KEV targets

9.3 Critical

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous …

Attack vector: Network
EPSS: 0.0336 (P87.0%)
Published: 26/01/2026
Modified: 10/02/2026

Received

CVE-2025-49704 KEV targets

8.8 High

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …

Attack vector: Network
Published: 22/07/2025
Modified: 21/12/2025

CVE-2025-6264 targets

5.5 Medium

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run …

Attack vector: NETWORK
Published: 20/06/2025
Modified: 21/12/2025

CVE-2025-53771 targets

6.5 Medium

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …

Attack vector: NETWORK
Published: 21/07/2025
Modified: 21/12/2025

Received

CVE-2025-0283 targets

7.0 High

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …

Attack vector: LOCAL
Published: 09/01/2025
Modified: 21/12/2025

Analyzed

CVE-2025-49706 KEV targets

6.5 Medium

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …

Attack vector: Network
Published: 22/07/2025
Modified: 21/12/2025

CVE-2025-0282 KEV targets

9.0 Critical

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …

Attack vector: Network
Published: 08/01/2025
Modified: 21/12/2025

Analyzed

CVE-2024-8299 targets

7.8 High

Uncontrolled Search Path Element vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi …

Attack vector: LOCAL
Complexity: Low
Published: 29/11/2024
Modified: 08/04/2026

CWE-427 Awaiting Analysis

CVE-2025-31324 KEV targets

10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector: Network
Published: 29/04/2025
Modified: 21/12/2025

Received

← Previous

Page / 2

1–12 of 14

Contact About Legal notice Privacy policy Terms of use

Storm-2603

Essential information

Description

Marking (TLP)

Related entities

Reports (5)

Attack patterns (MITRE) (41)

Malware (10)

Sectors (4)

Countries (7)

Indicators (55)

Vulnerabilities (CVE) (14)