CASTLETAP
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 16/06/2025 22:20
- Modified
- 27/03/2026 01:03
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 18 attack patterns (mitre), 2 intrusion sets (apt), 12 sectors, 4 countries, 30 indicators, 1 vulnerabilities (cve)
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (18)
Intrusion sets (APT) (2)
-
UNC4841 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC3886 usesThe MITRE Corporation Confidence 100
[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (12)
-
Information Technologies Consulting targets
-
Telecommunications targets
-
High-tech targets
-
Diplomacy targets
-
Market infrastructures targets
-
Healthcare targets
-
Technology targets
-
Manufacturing targets
-
Government targets
-
Defense targets
-
Ministries of foreign affairs targets
-
Air transport targets
Countries (4)
-
Hong Kong targets
-
Taiwan targets
-
China targets
-
United States of America targets
Indicators (30)
-
stix 100/100 Revoked
is__elf SHA256 of 19e373b13297de1783cecf856dc48eb0
· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
is__elf SHA256 of 177add288b289d43236d2dba33e65956
· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
is__elf SHA256 of 827d507aa3bde0ef903ca5dec60cdec8
· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
is__elf SHA256 of 85c5b6c408e4bdb87da6764a75008adf
· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
is__elf SHA256 of 4ec4ceda84c580054f191caa09916c68
· Valid until 01/12/2024 · Source: AlienVault -
a4de7fde5f25db5c3d3780eb737ae997be5723f4indicatesyara 100/100 Revoked· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 0d67f50a0bf7a3a017784146ac41ada0
· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of ac4fb6d0bfc871be6f68bfa647fc0125
· Valid until 01/12/2024 · Source: AlienVault -
975cb9494edbe3f8a0c4ddfcb18e03b034b1188findicatesyara 100/100 Revoked· Valid until 01/12/2024 · Source: AlienVault
Vulnerabilities (CVE) (1)
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.
- Attack vector
- Network
- Published
- 26/05/2023
- Modified
- 21/12/2025