UNC5337
Published 21/12/2025 08:44 · Modified 21/12/2025 08:44 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 08:44
- Modified: 21/12/2025 08:44
- Updated at: 21/12/2025 08:44
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 2 reports, 16 attack patterns (mitre), 6 malware, 17 indicators, 4 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- 8 MITREs · 3 Malwares · 14 Observables · 1 APT · Published 17/01/2025 17:17 · Modified 17/01/2025 17:54
- 4 CVEs · 10 MITREs · 6 Malwares · 7 Observables · 1 APT · Published 09/01/2025 08:56 · Modified 09/01/2025 09:09
Attack patterns (MITRE) (16)
- T1190 (uses): Exploit Public-Facing Application
- T1078 (uses): Valid Accounts
- T1053.005 (uses): Scheduled Task
- T1021.001 (uses): Remote Desktop Protocol
- T1055.012 (uses): Process Hollowing
- T1543.003 (uses): Windows Service
- T1059 (uses): Command and Scripting Interpreter
- T1571 (uses): Non-Standard Port
- T1557 (uses): Adversary-in-the-Middle
- T1003 (uses): OS Credential Dumping
- T1562.004 (uses): Disable or Modify System Firewall
- T1213 (uses): Data from Information Repositories
- T1133 (uses): External Remote Services
- T1070.004 (uses): File Deletion
- T1105 (uses): Ingress Tool Transfer
- T1505.003 (uses): Web Shell
Malware (6)
- SPAWNSLOTH (uses) · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 08:44 · Modified 21/12/2025 08:44
- PHASEJAM (uses) · Family · Published 09/01/2025 08:56 · Modified 09/01/2025 08:56
- DRYHOOK (uses) · Family · Published 09/01/2025 08:56 · Modified 09/01/2025 08:56
- SPAWNANT (uses) · Family · Published 09/01/2025 08:56 · Modified 09/01/2025 08:56
- SPAWNMOLE (uses) · Family · Published 17/01/2025 17:17 · Modified 17/01/2025 17:17
- SPAWNSNAIL (uses) · Family · Published 17/01/2025 17:17 · Modified 17/01/2025 17:17
Indicators (17)
- M_Credtheft_DRYHOOK_1 (indicates)
- M_APT_Tunneler_SPAWNMOLE_1 (indicates)
- M_APT_Installer_SPAWNANT_1 (indicates)
- M_Dropper_PHASEJAM_1 (indicates)
- M_APT_Installer_SPAWNSNAIL_1 (indicates)
Vulnerabilities (CVE) (4)
- 7.0 High · Attack vector: LOCAL · Published 09/01/2025 · Modified 21/12/2025
  A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- CVE-2025-0282 · KEV · 9.0 Critical · Attack vector: Network · Published 08/01/2025 · Modified 21/12/2025
  A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …
- CVE-2024-21887 · KEV · 9.1 Critical · Attack vector: Network · Published 10/01/2024 · Modified 27/05/2026
  Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …
- CVE-2023-46805 · KEV · 8.2 High · Attack vector: Network · Published 10/01/2024 · Modified 27/05/2026
  Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …