UNC1860
· Published 21/12/2025 06:33 · Modified 21/12/2025 06:33
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 06:33
- Modified: 21/12/2025 06:33
- Updated at: 21/12/2025 06:33
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 19 attack patterns (MITRE), 16 malware, 2 sectors, 5 countries, 22 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 1 CVE · 19 MITREs · 16 Malwares · 22 Observables · 1 APT · Published 20/09/2024 11:10 · Modified 20/09/2024 11:36
Attack patterns (MITRE) (19)
- T1059 Command and Scripting Interpreter (uses)
- T1573 Encrypted Channel (uses)
- T1006 Direct Volume Access (uses)
- T1078 Valid Accounts (uses)
- T1068 Exploitation for Privilege Escalation (uses)
- T1505.003 Web Shell (uses)
- T1014 Rootkit (uses)
- T1207
- T1583 Acquire Infrastructure (uses)
- T1553 Subvert Trust Controls (uses)
- T1190 Exploit Public-Facing Application (uses)
- T1562.002 Disable Windows Event Logging (uses)
Malware (16)
- BABYWIPER (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- ROADSWEEP (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- SASHEYAWAY (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- VIROGREEN (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- SPARKLOAD (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- OATBOAT (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- TEMPLELOCK (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- WINTAPIX (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- BASEWALK (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- TEMPLEPLAY (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- ROTPIPE (uses) · Family · Published 20/09/2024 11:10 · Modified 20/09/2024 11:10
- TEMPLEDROP (uses) · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 06:33 · Modified 21/12/2025 06:33
Sectors (2)
- Telecommunications (targets)
- Government (targets)
Countries (5)
- Saudi Arabia (targets)
- Albania (targets)
- Iraq (targets)
- Israel (targets)
- Qatar (targets)
Indicators (22)
Vulnerabilities (CVE) (1)
- CVE-2019-0604 (KEV): Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote …
  - Published: 03/11/2021
  - Modified: 20/12/2025