PcShare
AlienVault
Published 20/12/2025 20:12 · Modified 20/12/2025 20:12
Essential information
- Confidence: 100/100
- Is family: No
- Published: 20/12/2025 20:12
- Modified: 20/12/2025 20:12
- Revoked: No
- Author / Source: AlienVault
- Related entities: 25 attack patterns (MITRE), 4 sectors, 5 countries, 25 indicators, 1 vulnerability (CVE)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (25 / 48)
- T1057 Process Discovery (uses)
- T1033 System Owner/User Discovery (uses)
- T1574 Hijack Execution Flow (uses)
- T1069 Permission Groups Discovery (uses)
- T1021 Remote Services (uses)
- T1071 Application Layer Protocol (uses)
- T1569 System Services (uses)
- T1040 Network Sniffing (uses)
- T1090 Proxy (uses)
- T1553 Subvert Trust Controls (uses)
- T1218 System Binary Proxy Execution (uses)
- T1087 Account Discovery (uses)
- T1049 System Network Connections Discovery (uses)
- T1059 Command and Scripting Interpreter (uses)
- T1566 Phishing (uses)
- T1083 File and Directory Discovery (uses)
- T1571 Non-Standard Port (uses)
- T1555 Credentials from Password Stores (uses)
- T1547 Boot or Logon Autostart Execution (uses)
- T1106 Native API (uses)
- T1082 System Information Discovery (uses)
- T1560 Archive Collected Data (uses)
- T1132 Data Encoding (uses)
- T1543 Create or Modify System Process (uses)
- T1027 Obfuscated Files or Information (uses)
Sectors (4)
- Government (targets)
- Energy (targets)
- Finance (targets)
- Aerospace (targets)
Countries (5)
- Russian Federation (targets)
- Kyrgyzstan (targets)
- Kazakhstan (targets)
- Georgia (targets)
- Mongolia (targets)
Indicators (25 / 100)
Vulnerabilities (CVE) (1)
CVE-2017-0213 · KEV · 7.3 · High
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
- Attack vector: LOCAL
- Complexity: LOW
- Published: 12/05/2017
- Modified: 22/04/2026