CASTLETAP
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 16/06/2025 22:20
- Modified
- 27/03/2026 01:03
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 18 attack patterns (mitre), 2 intrusion sets (apt), 12 sectors, 4 countries, 30 indicators, 1 vulnerabilities (cve)
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (18)
Intrusion sets (APT) (2)
-
UNC4841 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC3886 usesThe MITRE Corporation Confidence 100
[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (12)
-
Information Technologies Consulting targets
-
Telecommunications targets
-
High-tech targets
-
Diplomacy targets
-
Market infrastructures targets
-
Healthcare targets
-
Technology targets
-
Manufacturing targets
-
Government targets
-
Defense targets
-
Ministries of foreign affairs targets
-
Air transport targets
Countries (4)
-
Hong Kong targets
-
Taiwan targets
-
China targets
-
United States of America targets
Indicators (30)
-
stix 100/100 Revoked
SHA256 of 35cf6faf442d325961935f660e2ab5a0
· Valid until 01/12/2024 · Source: AlienVault -
c5950c3f5d221bc3262607aedc1f83376f750ce5indicatesyara 100/100 Revoked· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
stack_string SHA256 of 4ca4f582418b2cc0626700511a6315c0
· Valid until 20/01/2026 · Source: AlienVault -
stix 100/100 Revoked
stack_string SHA256 of 45b79949276c9cb9cf5dc72597dc1006
· Valid until 01/12/2024 · Source: AlienVault -
mx01.bestfindthetruth.comindicatesstix 100/100 Revoked· Valid until 11/12/2024 · Source: AlienVault -
stix 100/100 Revoked
is__elf SHA256 of 9bc6d6af590e7d94869dee1d33cc1cae
· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 42722b7d04f58dcb8bd80fe41c7ea09e
· Valid until 01/12/2024 · Source: AlienVault
Vulnerabilities (CVE) (1)
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.
- Attack vector
- Network
- Published
- 26/05/2023
- Modified
- 21/12/2025