Hacktool
AlienVault
· Published 20/12/2025 19:32 · Modified 20/12/2025 23:03
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:32
- Modified
- 20/12/2025 23:03
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 12 attack patterns (mitre), 11 indicators, 2 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (12)
-
T1014 usesRootkit MITRE
-
T1057 usesProcess Discovery MITRE
-
T1204 usesUser Execution MITRE
-
T1190 usesExploit Public-Facing Application MITRE
-
T1566 usesPhishing MITRE
-
T1072 usesSoftware Deployment Tools MITRE
-
T1068 usesExploitation for Privilege Escalation MITRE
-
T1036 usesMasquerading MITRE
-
T1562 usesImpair Defenses MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1021.001 usesRemote Desktop Protocol MITRE
-
T1496 usesResource Hijacking MITRE
Indicators (11)
-
stix 100/100 Revoked
Trojan:Win32/Skeeyah.B!rfn
· Valid until 15/05/2026 · Source: AlienVault -
stix 100/100
CoinMiner
· Valid until 21/07/2026 · Source: AlienVault -
stix 100/100 Revoked· Valid until 06/08/2023 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 10/04/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 06/08/2023 · Source: AlienVault
-
stix 100/100 Revoked
CoinMiner
· Valid until 02/12/2025 · Source: AlienVault -
stix 100/100 Revoked
HackTool:Win32/Mikatz!dha SHA256 of 655979d56e874fbe7561bb1b6e512316c25cbb19
· Valid until 06/02/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 17/07/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 06/08/2023 · Source: AlienVault
-
stix 100/100
HackTool:Win32/Mimikatz.D
· Valid until 23/10/2026 · Source: AlienVault -
stix 100/100 Revoked
Cabinet_Archive
· Valid until 13/05/2025 · Source: AlienVault
Vulnerabilities (CVE) (2)
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
- Published
- 03/11/2021
- Modified
- 20/12/2025
10.0
Critical
Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
- Attack vector
- Network
- Published
- 10/12/2021
- Modified
- 27/05/2026