UNC6201
· Published 18/02/2026 17:40 · Modified 18/02/2026 17:40
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 18/02/2026 17:40
- Modified
- 18/02/2026 17:40
- Updated at
- 18/02/2026 17:40
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 2 reports, 26 attack patterns (mitre), 3 malware, 9 indicators, 1 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (2)
- 1 CVE, 13 MITREs, 3 Malwares, 5 Observables, 1 APT · Published 19/02/2026 20:16 · Modified 20/02/2026 13:14
- 1 CVE, 16 MITREs, 3 Malwares, 9 Observables, 1 APT · Published 18/02/2026 12:11 · Modified 18/02/2026 16:40
Attack patterns (MITRE) (26)
- T1133 (uses): External Remote Services
- T1571 (uses): Non-Standard Port
- T1105 (uses): Ingress Tool Transfer
- T1078 (uses): Valid Accounts
- T1083 (uses): File and Directory Discovery
- T1569.002 (uses): Service Execution
- T1068 (uses): Exploitation for Privilege Escalation
- T1132 (uses): Data Encoding
- T1543.002 (uses): Systemd Service
- T1573 (uses): Encrypted Channel
- T1505.003 (uses): Web Shell
- T1018 (uses): Remote System Discovery
- T1016 (uses): System Network Configuration Discovery
- T1027 (uses): Obfuscated Files or Information
- T1021.001 (uses): Remote Desktop Protocol
- T1057 (uses): Process Discovery
- T1053.003 (uses): Cron
- T1055 (uses): Process Injection
- T1095 (uses): Non-Application Layer Protocol
- T1190 (uses): Exploit Public-Facing Application
- T1071 (uses): Application Layer Protocol
- T1021.002 (uses): SMB/Windows Admin Shares
- T1021.004 (uses): SSH
- T1021 (uses): Remote Services
- T1082 (uses): System Information Discovery
- T1053 (uses): Scheduled Task/Job
Malware (3)
- BRICKSTORM (uses): Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- SLAYSTYLE (uses): Family · Published 19/02/2026 20:16 · Modified 19/02/2026 20:16
- GRIMBOLT (uses): Family · Published 19/02/2026 20:16 · Modified 19/02/2026 20:16
Indicators (9)
Vulnerabilities (CVE) (1)
CVE-2026-22769 · KEV · 10.0 · Critical
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated …
- Attack vector
- NETWORK
- Published
- 17/02/2026
- Modified
- 22/02/2026