216.73.217.22

Indicator (IOC)

stix AlienVault · Published 21/12/2025 19:33 · Modified 08/06/2026 10:53

Essential information

Value / Name
320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759
Confidence
100/100
Revoked
No
Valid from
05/12/2025 20:54
Valid until
02/12/2026 04:48
Pattern type
stix
Published
21/12/2025 19:33
Modified
08/06/2026 10:53
Author / Source
AlienVault

Description

MAL_G_APT_Backdoor_BRICKSTORM_3

Pattern

[file:hashes.'SHA-256' = '320a0b5d4900697e125cebb5ff03dee7368f8f087db1c1570b0b62f5a986d759']

Labels / Tags

Labels: backdoor backup scan brickstorm c2 china cve-2026-22769 dell dell recoverpoint grimbolt lateral movement linux patch persistence recoverpoint root access sentinel silk typhoon slaystyle socks proxy ssh systemconfiguration unc5221 vcenter verdantbamboo vmware vpxd vulnerability windows zero-day

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (3)

  • UNC5221
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 04:58 · Modified 21/12/2025 04:58
  • UNC6201
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 18/02/2026 17:40 · Modified 18/02/2026 17:40
  • VerdantBamboo
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 08/06/2026 10:53 · Modified 08/06/2026 10:53