216.73.216.36

Indicator (IOC)

stix Revoked AlienVault · Published 21/12/2025 02:10 · Modified 21/12/2025 07:13

Essential information

Value / Name
4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6
Confidence
100/100
Revoked
Yes
Valid from
18/09/2024 10:31
Valid until
14/09/2025 18:24
Pattern type
stix
Published
21/12/2025 02:10
Modified
21/12/2025 07:13
Author / Source
AlienVault

Description

SUSP_XORed_URL_in_EXE

Pattern

[file:hashes.'SHA-256' = '4d4df87cf8d8551d836f67fbde4337863bac3ff6b5cb324675054ea023b12ab6']

Labels / Tags

Labels: aes256 asm guard connectwise cve-2023-48788 cyrillic script ioctl code jscript medusa ransomware powershell ransomware ransomware-as-a-service (raas) safengine shielden telegram vbscript wmi

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (1)

  • medusa
    Ransomware.Live Confidence 100

    No description available

    First seen 01/01/1970 · Last seen 16/11/5138 ·