MASEPIE
Essential information
- Confidence: 100/100
- Is family: No
- Published: 20/12/2025 19:41
- Modified: 21/12/2025 03:05
- Revoked: No
- Author / Source: AlienVault
- Related entities: 25 attack patterns (mitre), 3 intrusion sets (apt), 2 sectors, 9 countries, 84 indicators, 5 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (25)
- T1071 · uses · Application Layer Protocol · MITRE
- T1059 · uses · Command and Scripting Interpreter · MITRE
- T1503 · uses
- T1021 · uses · Remote Services · MITRE
- T1568 · uses · Dynamic Resolution · MITRE
- T1140 · uses · Deobfuscate/Decode Files or Information · MITRE
- T1566 · uses · Phishing · MITRE
- T1027.002 · uses · Software Packing · MITRE
- T1566.001 · uses · Spearphishing Attachment · MITRE
- T1003.001 · uses · LSASS Memory · MITRE
- T1127 · uses · Trusted Developer Utilities Proxy Execution · MITRE
- T1056 · uses · Input Capture · MITRE
Intrusion sets (APT) (3)
- ITG05 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
  [APT28](https://attack.mitre.org/groups/G0007) is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165. (Citation: NSA/FBI Drovorub…
- APT 28 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Sectors (2)
- Defense ministries (including the military) · targets
- Government · targets
Countries (9)
- United States of America · targets
- Argentina · targets
- Poland · targets
- South Georgia and the South Sandwich Islands · targets
- Belarus · targets
- Georgia · targets
- Kazakhstan · targets
- Ukraine · targets
- Azerbaijan · targets
Indicators (84)
Vulnerabilities (CVE) (5)
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
- Attack vector: Network
- Published: 15/02/2024
- Modified: 21/12/2025
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code …
- Attack vector: NETWORK
- Published: 03/03/2023
- Modified: 21/12/2025
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the …
- Attack vector: Network
- Published: 14/03/2023
- Modified: 21/12/2025
Microsoft Outlook Information Disclosure Vulnerability
- Attack vector: NETWORK
- Published: 12/12/2023
- Modified: 21/12/2025
Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an …
- Attack vector: Network
- Published: 06/02/2025
- Modified: 21/12/2025