Daphne
AlienVault
· Published 20/12/2025 19:41 · Modified 21/12/2025 02:09
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:41
- Modified
- 21/12/2025 02:09
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 19 attack patterns (mitre), 12 indicators, 1 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (19)
-
T1021 usesRemote Services MITRE
-
T1135 usesNetwork Share Discovery MITRE
-
T1036 usesMasquerading MITRE
-
T1562 usesImpair Defenses MITRE
-
T1003 usesOS Credential Dumping MITRE
-
T1071 usesApplication Layer Protocol MITRE
-
T1055 usesProcess Injection MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1110 usesBrute Force MITRE
-
T1078 usesValid Accounts MITRE
-
T1027 usesObfuscated Files or Information MITRE
-
T1543 usesCreate or Modify System Process MITRE
Indicators (12)
-
stix 100/100 Revoked
Empire_Invoke_PowerDump SHA256 of e7be97fb2200eb99805e39513304739a7a28b17e
· Valid until 10/03/2025 · Source: AlienVault -
stix 100/100 Revoked
TEL:Trojan:PowerShell/Wemaeye.B SHA256 of e938646862477e598fcda20d0b7551863f8b651c
· Valid until 10/03/2025 · Source: AlienVault -
https://asd.s7610rir.pw/win/checking.htaindicatesstix 100/100 Revoked· Valid until 22/01/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 10/03/2025 · Source: AlienVault
-
https://asq.d6shiiwz.pw/win/hssl/d6.htaindicatesstix 100/100 Revoked· Valid until 22/01/2024 · Source: AlienVault -
https://asq.r77vh0.pw/win/hssl/r7.htaindicatesstix 100/100 Revoked· Valid until 22/01/2024 · Source: AlienVault -
http://asq.r77vh0.pw/win/checking.htaindicatesstix 100/100 Revoked· Valid until 22/01/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 10/03/2025 · Source: AlienVault
-
stix 100/100 Revoked
Trojan:Win32/DorkBot.DU SHA256 of 07610f11d3b8ccb7b60cc8ad033dda6c7d3940c4
· Valid until 10/03/2025 · Source: AlienVault
Vulnerabilities (CVE) (1)
9.8
Critical
PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context …
- Attack vector
- Network
- Published
- 21/04/2023
- Modified
- 21/12/2025