Fodcha
AlienVault
· Published 20/12/2025 19:32 · Modified 20/12/2025 22:39
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:32
- Modified
- 20/12/2025 22:39
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 13 attack patterns (mitre), 2 countries, 43 indicators, 2 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (13)
-
T1584.005 usesBotnet MITRE
-
T1595.002 usesVulnerability Scanning MITRE
-
T1140 usesDeobfuscate/Decode Files or Information MITRE
-
T1498 usesNetwork Denial of Service MITRE
-
T1210 usesExploitation of Remote Services MITRE
-
T1094 uses
-
T1040 usesNetwork Sniffing MITRE
-
T1574 usesHijack Execution Flow MITRE
-
T1583.005 usesBotnet MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1190 usesExploit Public-Facing Application MITRE
-
T1587.001 usesMalware MITRE
Countries (2)
-
China targets
-
United States of America targets
Indicators (43)
-
http://139.177.195.192/blahindicatesstix 100/100 Revoked· Valid until 30/05/2022 · Source: AlienVault -
http://162.33.179.171/bins/realtek.mpslindicatesstix 100/100 Revoked· Valid until 30/05/2022 · Source: AlienVault -
http://139.177.195.192/bins/arm7indicatesstix 100/100 Revoked· Valid until 30/05/2022 · Source: AlienVault -
http://162.33.179.171/bins/arm7indicatesstix 100/100 Revoked· Valid until 30/05/2022 · Source: AlienVault -
http://139.177.195.192/bins/realtek.mipsindicatesstix 100/100 Revoked· Valid until 30/05/2022 · Source: AlienVault -
http://162.33.179.171/k.shindicatesstix 100/100 Revoked· Valid until 30/05/2022 · Source: AlienVault -
http://139.177.195.192/bins/arm5indicatesstix 100/100 Revoked· Valid until 30/05/2022 · Source: AlienVault -
http://139.177.195.192/bins/mipsindicatesstix 100/100 Revoked· Valid until 30/05/2022 · Source: AlienVault -
http://162.33.179.171/bins/realtek.mipsindicatesstix 100/100 Revoked· Valid until 30/05/2022 · Source: AlienVault
Vulnerabilities (CVE) (2)
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse …
- Published
- 03/11/2021
- Modified
- 20/12/2025
RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.
- Published
- 10/12/2021
- Modified
- 20/12/2025