PondRAT
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:46
- Modified
- 29/05/2026 12:20
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 45 attack patterns (mitre), 3 intrusion sets (apt), 2 sectors, 71 indicators, 3 vulnerabilities (cve), 4 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (45)
- T1059.004 uses Unix Shell
- T1486 uses Data Encrypted for Impact
- T1562.006 uses Indicator Blocking
- T1057 uses Process Discovery
- T1105 uses Ingress Tool Transfer
- T1102 uses Web Service
- T1140 uses Deobfuscate/Decode Files or Information
- T1059 uses Command and Scripting Interpreter
- T1543.001 uses Launch Agent
- T1518 uses Software Discovery
- T1562.001 uses Disable or Modify Tools
- T1070 uses Indicator Removal
- T1083 uses File and Directory Discovery
- T1055 uses Process Injection
- T1497 uses Virtualization/Sandbox Evasion
- T1562 uses Impair Defenses
- T1574.002 uses
- T1009 uses
- T1045 uses
- T1573 uses Encrypted Channel
- T1071 uses Application Layer Protocol
- T1053 uses Scheduled Task/Job
- T1082 uses System Information Discovery
- T1005 uses Data from Local System
- T1560 uses Archive Collected Data
- T1132 uses Data Encoding
- T1027 uses Obfuscated Files or Information
- T1204.002 uses Malicious File
- T1195.002 uses Compromise Software Supply Chain
- T1219 uses Remote Access Tools
- T1036.004 uses Masquerade Task or Service
- T1071.001 uses Web Protocols
- T1210 uses Exploitation of Remote Services
- T1036 uses Masquerading
- T1543.003 uses Windows Service
- T1480.001 uses Environmental Keying
- T1106 uses Native API
- T1588.002 uses Tool
- T1059.006 uses Python
- T1543 uses Create or Modify System Process
- T1571 uses Non-Standard Port
- T1041 uses Exfiltration Over C2 Channel
- T1204 uses User Execution
- T1027.002 uses Software Packing
- T1564 uses Hide Artifacts
Intrusion sets (APT) (3)
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 21/12/2025 06:57 · Modified 21/12/2025 06:57
- The MITRE Corporation · Confidence 100
  [AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since …
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 16/12/2025 19:39 · Modified 04/05/2026 16:59
- Lazarus uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 21:17 · Modified 29/05/2026 12:20
Sectors (2)
- Finance targets
- Technology targets
Indicators (71)
Vulnerabilities (CVE) (3)
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector
- Network
- Published
- 05/12/2025
- Modified
- 29/05/2026
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma …
- Attack vector
- NETWORK
- Published
- 29/03/2024
- Modified
- 21/12/2025
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …
- Attack vector
- Network
- Published
- 12/04/2024
- Modified
- 21/12/2025
Reports (4)
- 20 MITREs · 6 Malwares · 10 Observables · 1 APT · Published 25/05/2026 13:00 · Modified 25/05/2026 15:21
- 3 CVEs · 22 MITREs · 5 Malwares · 16 Observables · 1 APT · Published 04/05/2026 06:08 · Modified 04/05/2026 14:59
- 20 MITREs · 10 Malwares · 58 Observables · 1 APT · Published 10/09/2024 08:23 · Modified 10/09/2024 08:56
- Confidence 100 · 18 CVEs · 200 MITREs · 200 Malwares · 20 APTs · 26 Tools · Published 29/05/2026 11:51 · threat-report