UTA0218
· Published 21/12/2025 04:18 · Modified 21/12/2025 04:18
· Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 04:18
- Modified: 21/12/2025 04:18
- Updated at: 21/12/2025 04:18
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 17 attack patterns (MITRE), 2 malware, 19 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Attack patterns (MITRE) (17)
- T1207 (MITRE)
Malware (2)
- UPSTYLE · relationship: uses
- GOST · relationship: uses
Indicators (19)
- stix · 100/100 · Revoked · Valid until 16/07/2025 · Source: AlienVault
- stix · 100/100 · Revoked · Valid until 16/07/2025 · Source: AlienVault
- yara hacktool_golang_reversessh_fahrj · indicates · 100/100 · Revoked · Detects a reverse SSH utility available on GitHub. Attackers may use this tool or similar tools in post-exploitation activity. · Valid until 19/07/2025 · Source: AlienVault
- yara apt_malware_py_upstyle · indicates · 100/100 · Revoked · Detects the UPSTYLE webshell. · Valid until 19/07/2025 · Source: AlienVault
- stix http://172.233.228.93/vpn_prot.gz · indicates · 100/100 · Revoked · Valid until 29/05/2024 · Source: AlienVault
- stix · 100/100 · Revoked · Valid until 16/07/2025 · Source: AlienVault
- stix http://172.233.228.93/lowdp · indicates · 100/100 · Revoked · Valid until 29/05/2024 · Source: AlienVault
- stix is__elf · 100/100 · Revoked · Valid until 16/07/2025 · Source: AlienVault
- stix Sliver_Implant_32bit · 100/100 · Revoked · Valid until 16/07/2025 · Source: AlienVault
- stix http://172.233.228.93/vpn.log · indicates · 100/100 · Revoked · Valid until 29/05/2024 · Source: AlienVault
- yara susp_any_jarischf_user_path · indicates · 100/100 · Revoked · Detects paths embedded in samples in released projects written by Ferdinand Jarisch, a pentester at AISEC. These tools are sometimes used by attackers in real-world intrusions. · Valid until 19/07/2025 · Source: AlienVault
- stix · 100/100 · Revoked · Valid until 16/07/2025 · Source: AlienVault
Vulnerabilities (CVE) (1)
- Severity: 10.0 (Critical)
- Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …
- Attack vector: Network
- Published: 12/04/2024
- Modified: 21/12/2025