CASTLETAP
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 16/06/2025 22:20
- Modified
- 27/03/2026 01:03
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 18 attack patterns (mitre), 2 intrusion sets (apt), 12 sectors, 4 countries, 30 indicators, 1 vulnerabilities (cve)
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (18)
Intrusion sets (APT) (2)
-
UNC4841 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
UNC3886 usesThe MITRE Corporation Confidence 100
[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (12)
-
Information Technologies Consulting targets
-
Telecommunications targets
-
High-tech targets
-
Diplomacy targets
-
Market infrastructures targets
-
Healthcare targets
-
Technology targets
-
Manufacturing targets
-
Government targets
-
Defense targets
-
Ministries of foreign affairs targets
-
Air transport targets
Countries (4)
-
Hong Kong targets
-
Taiwan targets
-
China targets
-
United States of America targets
Indicators (30)
-
stix 100/100 Revoked
is__elf SHA256 of 436587bad5e061a7e594f9971d89c468
· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 5392fb400bd671d4b185fb35a9b23fd3
· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 878cf1de91f3ae543fd290c31adcbda4
· Valid until 01/12/2024 · Source: AlienVault -
675e640d82635c8c93f147bd69d1a2c1195acf1findicatesyara 100/100 Revoked· Valid until 01/12/2024 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of fe1e2d676c91f899b706682b70176983
· Valid until 01/12/2024 · Source: AlienVault
Vulnerabilities (CVE) (1)
Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.
- Attack vector
- Network
- Published
- 26/05/2023
- Modified
- 21/12/2025