216.73.217.22

Indicator (IOC)

stix AlienVault · Published 20/12/2025 19:33 · Modified 21/12/2025 19:02

Essential information

Value / Name
912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9
Confidence
100/100
Revoked
No
Valid from
27/10/2025 10:54
Valid until
23/10/2026 19:48
Pattern type
stix
Published
20/12/2025 19:33
Modified
21/12/2025 19:02
Author / Source
AlienVault

Description

HackTool:Win32/Mimikatz.D

Pattern

[file:hashes.'SHA-256' = '912018ab3c6b16b39ee84f17745ff0c80a33cee241013ec35d0281e40c0658d9']

Labels / Tags

Labels: active directory adfind anydesk aspxspy avoslocker badpotato birddog bitlocker black basta china chopper cobalt strike cobaltstrike dalbit dll sideloading dnscmd exploits & vulnerabilities fin7 fscan godzilla groupware landongo log4shell manufacturing mimikatz nmap ntdsutil powershell powertrash printnightmare procdump

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (3)

  • Dalbit
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • FIN7 GOLD NIAGARAITG14
    The MITRE Corporation Confidence 100

    [FIN7](https://attack.mitre.org/groups/G0046) is a financially-motivated threat group that has been active since 2013. [FIN7](https://attack.mitre.org/groups/G0046) has targeted the retail, restaurant, hospitality, software, consulting, financial services, medical equipment, cloud services, media,…

    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • Qilin
    Ransomware.Live Confidence 100

    Qilin ransomware was first observed in July of 2022. Qilin Ransomware is written in Golang and supports multiple encryption modes; all of which are controlled by the operator.…

    First seen 01/01/1970 · Last seen 16/11/5138 ·