216.73.217.22

SPAWNSLOTH

AlienVault · Published 21/12/2025 08:44 · Modified 21/12/2025 08:44

Essential information

Confidence
100/100
Is family
No
Published
21/12/2025 08:44
Modified
21/12/2025 08:44
Revoked
No
Author / Source
AlienVault
Related entities
31 attack patterns (mitre), 2 intrusion sets (apt), 17 indicators, 4 vulnerabilities (cve), 3 reports

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.

Attack patterns (MITRE) (31)

  • T1003 uses
    OS Credential Dumping
  • T1571 uses
    Non-Standard Port
  • T1190 uses
    Exploit Public-Facing Application
  • T1105 uses
    Ingress Tool Transfer
  • T1543.003 uses
    Windows Service
  • T1562.004 uses
    Disable or Modify System Firewall
  • T1082 uses
    System Information Discovery
  • T1021.001 uses
    Remote Desktop Protocol
  • T1505.003 uses
    Web Shell
  • T1562.002 uses
    Disable Windows Event Logging
  • T1053.005 uses
    Scheduled Task
  • T1068 uses
    Exploitation for Privilege Escalation
  • T1553.004 uses
    Install Root Certificate
  • T1078 uses
    Valid Accounts
  • T1574.006 uses
    Dynamic Linker Hijacking
  • T1112 uses
    Modify Registry
  • T1213 uses
    Data from Information Repositories
  • T1055 uses
    Process Injection
  • T1070.004 uses
    File Deletion
  • T1205 uses
    Traffic Signaling
  • T1557 uses
    Adversary-in-the-Middle
  • T1140 uses
    Deobfuscate/Decode Files or Information
  • T1070.002 uses
    Clear Linux or Mac System Logs
  • T1014 uses
    Rootkit
  • T1059.004 uses
    Unix Shell
  • T1036 uses
    Masquerading
  • T1059 uses
    Command and Scripting Interpreter
  • T1027.002 uses
    Software Packing
  • T1133 uses
    External Remote Services
  • T1027 uses
    Obfuscated Files or Information
  • T1055.012 uses
    Process Hollowing

Intrusion sets (APT) (2)

  • UNC5337 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 08:44 · Modified 21/12/2025 08:44
  • UNC5221 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:58 · Modified 21/12/2025 04:58

Indicators (17)

Vulnerabilities (CVE) (4)

CVE-2025-0282 KEV
9.0 Critical

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …

Attack vector
Network
Published
08/01/2025
Modified
21/12/2025
Analyzed
CVE-2024-21887 KEV
9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector
Network
Published
10/01/2024
Modified
27/05/2026
CVE-2023-46805 KEV
8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …

Attack vector
Network
Published
10/01/2024
Modified
27/05/2026
CVE-2025-0283
7.0 High

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA …

Attack vector
LOCAL
Published
09/01/2025
Modified
21/12/2025
Analyzed

Reports (3)