DARKSIDE
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:33
- Modified
- 21/12/2025 00:24
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 42 attack patterns (mitre), 2 intrusion sets (apt), 6 sectors, 2 countries, 17 indicators, 6 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (42)
-
T1016 usesSystem Network Configuration Discovery MITRE
-
T1548 usesAbuse Elevation Control Mechanism MITRE
-
T1497 usesVirtualization/Sandbox Evasion MITRE
-
T1135 usesNetwork Share Discovery MITRE
-
T1033 usesSystem Owner/User Discovery MITRE
-
T1505 usesServer Software Component MITRE
-
T1140 usesDeobfuscate/Decode Files or Information MITRE
-
T1486 usesData Encrypted for Impact MITRE
-
T1136 usesCreate Account MITRE
-
T1105 usesIngress Tool Transfer MITRE
-
T1053 usesScheduled Task/Job MITRE
-
T1574 usesHijack Execution Flow MITRE
Intrusion sets (APT) (2)
-
The MITRE Corporation Confidence 100
[Cinnamon Tempest](https://attack.mitre.org/groups/G1021) is a China-based threat group that has been active since at least 2021 deploying multiple strains of ransomware based on the leaked [Babuk](https://attack.mitre.org/software/S0638) source code. [Cinnamon…
First seen 01/01/1970 · Last seen 16/11/5138 · -
UNC4466 usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (6)
-
Finance targets
-
Manufacturing targets
-
Chemical targets
-
Healthcare targets
-
Government targets
-
Legal consulting targets
Countries (2)
-
Korea, Democratic People's Republic of targets
-
United States of America targets
Indicators (17)
-
update.microsoftlab.topindicatesstix 100/100 Revoked· Valid until 10/10/2023 · Source: AlienVault -
stix 100/100 Revoked
SHA256 of 1136efb1a46d1f2d508162387f30dc4d
· Valid until 23/04/2025 · Source: AlienVault -
stix 100/100 Revoked
apt_DeepPanda_htran_exe SHA256 of fb6bf74c6c1f2482e914816d6e97ce09
· Valid until 20/05/2024 · Source: AlienVault -
stix 100/100 Revoked
GoLandBuildPE SHA256 of 1f437347917f0a4ced71fb7df53b1a05
· Valid until 10/07/2024 · Source: AlienVault
Vulnerabilities (CVE) (6)
Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command …
- Published
- 07/04/2023
- Modified
- 21/12/2025
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026
Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via …
- Published
- 07/04/2023
- Modified
- 21/12/2025
Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a …
- Published
- 07/04/2023
- Modified
- 21/12/2025
Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.
- Attack vector
- NETWORK
- Complexity
- LOW
- Published
- 19/10/2017
- Modified
- 22/04/2026