IOX
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 04/05/2026 15:59
- Modified
- 04/05/2026 15:59
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 19 attack patterns (mitre), 1 intrusion sets (apt), 4 sectors, 9 countries, 63 indicators, 5 vulnerabilities (cve), 1 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (19)
- T1047 Windows Management Instrumentation (uses)
- T1071.001 Web Protocols (uses)
- T1190 Exploit Public-Facing Application (uses)
- T1053.005 Scheduled Task (uses)
- T1505.003 Web Shell (uses)
- T1574.002 (uses)
- T1003.001 LSASS Memory (uses)
- T1114.002 Remote Email Collection (uses)
- T1018 Remote System Discovery (uses)
- T1021.006 Windows Remote Management (uses)
- T1003.006 DCSync (uses)
- T1560.001 Archive via Utility (uses)
Intrusion sets (APT) (1)
- SHADOW-EARTH-053 (uses) · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 04/05/2026 15:59 · Modified 04/05/2026 15:59
Sectors (4)
- Technology (targets)
- Government (targets)
- Defense (targets)
- Transportation (targets)
Countries (9)
- Taiwan (targets)
- Poland (targets)
- Sri Lanka (targets)
- British Indian Ocean Territory (targets)
- Pakistan (targets)
- Thailand (targets)
- India (targets)
- Myanmar (targets)
- Malaysia (targets)
Indicators (63)
- update.kaspersky.icu (indicates)
- zimbra-beta.info (indicates)
- news.kaspersky.icu (indicates)
- 9dda789b85fce6294f91a79b7271a93de36dfcef21fc680dc2bf4235141e47df (indicates)
- a65483b86847995a67de0fcb2a5487cdbc96361cb2e9dea8ab74005c8fef65ce (indicates)
- www.kaspersky.icu (indicates)
- eff699456ed4c5938d53afdb8df0836d7cb953ed933ed1a2899ec43f6f9e540b (indicates)
- 2dd93edc8cc64747a7ca94b6827dc4e5b1e385d493ed4450272dd1dfc52a6255 (indicates)
- 23c2ebc8f9bac96b2fbbb9b00b457c48d65a9f66ec24fbfba339eeefd0539ad7 (indicates)
- 75d0d5080afd091114818d082babc418ccb43d545d9fda1fb715af6c129b6e51 (indicates)
- 2e8f9fd8213d9f69044101cd029fd1797ec7afbcad40bb1f04eb93d881c04cd2 (indicates)
- zimbra.life (indicates)
Vulnerabilities (CVE) (5)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector
- Network
- Published
- 05/12/2025
- Modified
- 29/05/2026
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 21/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 20/12/2025
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
- Published
- 03/11/2021
- Modified
- 21/12/2025
Reports (1)
- 5 CVEs · 19 MITREs · 7 Malwares · 44 Observables · 1 APT · Published 30/04/2026 19:11 · Modified 04/05/2026 14:01