Team46
· Published 21/12/2025 13:00 · Modified 21/12/2025 13:00
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 13:00
- Modified: 21/12/2025 13:00
- Updated at: 21/12/2025 13:00
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 2 reports, 22 attack patterns (MITRE), 3 malware, 2 sectors, 1 country, 9 indicators, 2 vulnerabilities (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- 2 CVEs, 14 MITREs, 3 Malwares, 9 Observables, 1 APT · Published 29/10/2025 10:49 · Modified 29/10/2025 18:23
- 12 MITREs, 3 Malwares, 1 APT · Published 18/04/2025 21:45 · Modified 21/04/2025 12:45
Attack patterns (MITRE) (22)
- T1113 uses Screen Capture
- T1140 uses Deobfuscate/Decode Files or Information
- T1059.001 uses PowerShell
- T1082 uses System Information Discovery
- T1547.009 uses Shortcut Modification
- T1218 uses System Binary Proxy Execution
- T1055 uses Process Injection
- T1012 uses Query Registry
- T1036.004 uses Masquerade Task or Service
- T1566.002 uses Spearphishing Link
- T1070.004 uses File Deletion
- T1574.002 uses
- T1218.011 uses Rundll32
- T1588.002 uses Tool
- T1566 uses Phishing
- T1553.002 uses Code Signing
- T1204.002 uses Malicious File
- T1027 uses Obfuscated Files or Information
- T1057 uses Process Discovery
- T1568 uses Dynamic Resolution
- T1083 uses File and Directory Discovery
- T1573 uses Encrypted Channel
Malware (3)
- Trinper (uses) · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 08:39 · Modified 21/12/2025 08:39
- Dante (uses) · Family · Published 29/10/2025 10:49 · Modified 29/10/2025 10:49
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
Sectors (2)
- Telecommunications (targets)
- Government (targets)
Countries (1)
- Russian Federation (targets)
Indicators (9)
- srv510786.hstgr.cloud (indicates)
- https://srv480138.hstgr.cloud/uploads/scan_3824.pdf' (indicates)
- srv480138.hstgr.cloud (indicates)
- https://infosecteam.info/other.php?id=jdcz7vyqdoadr31gejeivo6g30cx7kgu (indicates)
- mil-by.info (indicates)
- infosecteam.info (indicates)
- https://srv480138.hstgr.cloud/report.php?query=$env:COMPUTERNAME' (indicates)
- https://srv510786.hstgr.cloud/ordinary.php?id=9826fbb409f65dc6b068b085551bf4f3 (indicates)
- https://mil-by.info/#/i?id=[REDACTED] (indicates)
Vulnerabilities (CVE) (2)
- CVE-2025-2783 · KEV · CVSS 8.3 (High)
  Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being …
  - Attack vector: Network
  - Published: 27/03/2025
  - Modified: 21/12/2025
- CVSS 7.8 (High)
  Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
  - Attack vector: Local
  - Published: 03/09/2024
  - Modified: 21/12/2025