UAT-8099
· Published 21/12/2025 18:10 · Modified 21/12/2025 18:10
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 18:10
- Modified: 21/12/2025 18:10
- Updated at: 21/12/2025 18:10
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 2 reports, 25 attack patterns (MITRE), 2 malware, 4 sectors, 7 countries, 25 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- 2 malware · 74 observables · 1 APT · Published 29/01/2026 17:20 · Modified 30/01/2026 08:19
- 10 MITRE attack patterns · 80 observables · 1 APT · Published 02/10/2025 15:07 · Modified 02/10/2025 16:18
Attack patterns (MITRE) (25 / 34)
- T1055 Process Injection (uses)
- T1136.001 Local Account (uses)
- T1548 Abuse Elevation Control Mechanism (uses)
- T1496 Resource Hijacking (uses)
- T1057 Process Discovery (uses)
- T1098 Account Manipulation (uses)
- T1059.005 Visual Basic (uses)
- T1070.001 Clear Windows Event Logs (uses)
- T1547 Boot or Logon Autostart Execution (uses)
- T1505.003 Web Shell (uses)
- T1082 System Information Discovery (uses)
- T1560 Archive Collected Data (uses)
- T1059.001 PowerShell (uses)
- T1083 File and Directory Discovery (uses)
- T1140 Deobfuscate/Decode Files or Information (uses)
- T1027.002 Software Packing (uses)
- T1036 Masquerading (uses)
- T1528 Steal Application Access Token (uses)
- T1505 Server Software Component (uses)
- T1012 Query Registry (uses)
- T1190 Exploit Public-Facing Application (uses)
- T1112 Modify Registry (uses)
- T1003 OS Credential Dumping (uses)
- T1059.007 JavaScript (uses)
- T1005 Data from Local System (uses)
Malware (2)
Sectors (4)
- Telecommunications (targets)
- Government (targets)
- Education (targets)
- Technology (targets)
Countries (7)
- Thailand (targets)
- British Indian Ocean Territory (targets)
- India (targets)
- Japan (targets)
- Brazil (targets)
- Pakistan (targets)
- Canada (targets)
Indicators (25 / 153)
- 7ddf475abc6e01a1e703f4c54e5a2c8601fef4767b3b1859b78cfdc18b173004 (indicates)
- 265336511db98a4c40476455e2ae93aaf926abecd8f9b9d741f8d253abb80357 (indicates)
- https://404.jmfwy.com/tdks.php?domain=%s&path=%s (indicates)
- 3ecb54a6abbd0be974a513390f33039626c8cae39e1d51c18e298ff85311e68d (indicates)
- https://bxphp.westooo.com/58z.js (indicates)
- 2cc87bd2ae25a5119cb950618850eddeb578954fa780b125c1f51d234fb405e3 (indicates)
- 879ee17ff9225e2c71d818eea5addd7ce3c41a4100a98bd5d29d4cb4f2dadf22 (indicates)
- https://799.cors5.vip/1018.php?domain=%s&path=%s (indicates)
- https://404.imxzq.com/tdks.php?domain=%s&path=%s (indicates)
- http://tz.suucx.com/jump/ov.js (indicates)
- th1.win123888.com (indicates)
- a34ea8fb565ac6f57eefc987c61159c1e6f1af6a8717ffb42f4b745db3bf9e31 (indicates)
- 404.imxzq.com (indicates)
- http://tz.jmfwy.com/jump/json.js (indicates)
- bxphp.ggseocdn.com (indicates)
- c7a22f5c55ac1373a5964a6598da2a9afd8a61b9d729b9bf52a93c967a7f0eda (indicates)
- google.sneaws.com (indicates)
- 29ffb1d28f98582e81e78e6b2d5502da50c8ebdee0d40005a86b0dadece2923b (indicates)
- xldll.xijingdafa.com (indicates)
- 49740a5785f0d6790ee7f82915d2a95866332fc3eaf6fb0da59645404e4aed0c (indicates)
- 7276bc5fe4d29daf7a23a9a68022330290be45cc3a5a1d76e82063135b85ce5c (indicates)
- https://bxphp.westooo.com/?xhost=%s&url=%s&ua=Googlespider&f=bd (indicates)
- 99f2c4773560eb515cfcb0ad45cf8e47c46580ab19494463160f885e048ce830 (indicates)
- 8b2a61f29fdeda908d299515975a4dd3abd1a7508dbe8487bcb2a56fad2ec16f (indicates)
- tdk.hunanduodao.com (indicates)