Unfurling Hemlock
· Published 21/12/2025 05:40 · Modified 21/12/2025 05:40
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 05:40
- Modified: 21/12/2025 05:40
- Updated at: 21/12/2025 05:40
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 12 attack patterns (MITRE), 5 malware, 35 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 12 MITREs 5 Malwares 55 Observables 1 APT · Published 01/07/2024 10:54 · Modified 01/07/2024 11:17
Attack patterns (MITRE) (12)
- T1195 (uses): Supply Chain Compromise
- T1566 (uses): Phishing
- T1059 (uses): Command and Scripting Interpreter
- T1543 (uses): Create or Modify System Process
- T1055 (uses): Process Injection
- T1197 (uses): BITS Jobs
- T1027.002 (uses): Software Packing
- T1027 (uses): Obfuscated Files or Information
- T1071 (uses): Application Layer Protocol
- T1140 (uses): Deobfuscate/Decode Files or Information
- T1003 (uses): OS Credential Dumping
- T1036 (uses): Masquerading
Malware (5)
- Mystic Stealer · uses · Family · Published 01/07/2024 10:54 · Modified 01/07/2024 10:54
- SmokeLoader · uses · Family · Published 16/09/2025 08:02 · Modified 16/09/2025 08:02
- RisePro · uses · Family · Published 16/12/2024 23:06 · Modified 16/12/2024 23:06
- Amadey - S1025 · uses · Family · Published 29/09/2025 08:06 · Modified 29/09/2025 08:06
- Redline · uses · Family · Published 08/05/2026 11:31 · Modified 08/05/2026 11:31
Indicators (35)