Havoc
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 05/08/2025 20:12
- Modified
- 31/03/2026 20:49
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 76 attack patterns (mitre), 1 intrusion sets (apt), 5 sectors, 14 countries, 99 indicators, 4 vulnerabilities (cve), 12 reports
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (76)
Intrusion sets (APT) (1)
-
The MITRE Corporation Confidence 100
[BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (5)
-
Healthcare targets
-
Technology targets
-
Telecommunications targets
-
Air transport targets
-
Energy targets
Countries (14)
-
Pakistan targets
-
Kyrgyzstan targets
-
United Arab Emirates targets
-
Australia targets
-
Belarus targets
-
Bangladesh targets
-
Sri Lanka targets
-
Uzbekistan targets
-
Japan targets
-
Russian Federation targets
-
Kazakhstan targets
-
Tajikistan targets
Indicators (99)
-
stix 100/100· Valid until 01/03/2027 · Source: AlienVault
-
http://89.110.98.234/winload.rarindicatesstix 100/100 Revoked· Valid until 27/12/2025 · Source: AlienVault -
stix 100/100 Revoked· Valid until 05/10/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 15/05/2024 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 01/12/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 27/12/2025 · Source: AlienVault
-
static.opensecurity-legacy.comindicatesstix 100/100 Revoked· Valid until 01/09/2025 · Source: AlienVault -
stix 100/100 Revoked· Valid until 23/09/2025 · Source: AlienVault
-
stix 100/100· Valid until 01/03/2027 · Source: AlienVault
Vulnerabilities (CVE) (4)
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to …
- Published
- 22/10/2025
- Modified
- 21/12/2025
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …
- Attack vector
- Local
- Published
- 24/08/2023
- Modified
- 27/05/2026
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this …
- Attack vector
- Physical
- Complexity
- Low
- Published
- 20/05/2026
- Modified
- 04/06/2026
Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control …
- Attack vector
- LOCAL
- Published
- 01/08/2025
- Modified
- 09/06/2026
Reports (12)
-
1 CVE 20 MITREs 12 Malwares 6 Observables 1 APT
-
AlienVault Confidence 100 1 CVE 18 MITREs 3 Malwares 27 IOCs 27 Observables
-
AlienVault Confidence 100 11 MITREs 1 Malware 1 APT
-
1 MITRE 2 Malwares 11 Observables
-
19 MITREs 2 Malwares 19 Observables 1 APT
-
17 MITREs 16 Malwares 66 Observables 1 APT
-
3 MITREs 3 Malwares 1 APT
-
18 MITREs 2 Malwares 5 Observables
-
11 MITREs 2 Malwares
-
1 CVE 19 MITREs 3 Malwares 96 Observables 1 APT
-
18 MITREs 3 Malwares 16 Observables
-
10 MITREs 2 Malwares 13 Observables