CactusPete
Essential information
- Confidence: 100/100
- Is family: No
- Published: 20/12/2025 19:34
- Modified: 20/12/2025 21:33
- Revoked: No
- Author / Source: AlienVault
- Related entities: 6 attack patterns (MITRE), 1 intrusion set (APT), 2 sectors, 2 countries, 11 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (6)
Intrusion sets (APT) (1)
- The MITRE Corporation · Confidence 100
[Tonto Team](https://attack.mitre.org/groups/G0131) is a suspected Chinese state-sponsored cyber espionage threat group that has primarily targeted South Korea, Japan, Taiwan, and the United States since at least 2009; by…
First seen 01/01/1970 · Last seen 16/11/5138
Sectors (2)
- Heavy industries targets
- Telecommunications targets
Countries (2)
- Russian Federation targets
- Pakistan targets
Indicators (11)
Vulnerabilities (CVE) (1)
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …
- Published: 03/11/2021
- Modified: 27/05/2026