216.73.217.22

Indicator (IOC)

stix AlienVault · Published 13/04/2026 17:17 · Modified 09/06/2026 11:00

Essential information

Value / Name
2a8ea9f1ad8936fb302243faa64b91c5767df411923715cbdb1a869e3bfd7e6d
Confidence
100/100
Revoked
No
Valid from
13/04/2026 17:03
Valid until
10/04/2027 00:57
Pattern type
stix
Published
13/04/2026 17:17
Modified
09/06/2026 11:00
Author / Source
AlienVault

Description

No description.

Pattern

[file:hashes.'SHA-256' = '2a8ea9f1ad8936fb302243faa64b91c5767df411923715cbdb1a869e3bfd7e6d']

Labels / Tags

Labels: credential theft cve-2025-6218 cve-2025-8088 data exfiltration gammasteel giftedcrook giftedcrook stealer hta infection chain information stealer phishing campaign powershell payload rc4 encryption russia-aligned threats stealer ukraine targeting winrar exploitation

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Attack reports (2)

Intrusion sets (2)

  • SHADOW-EARTH-066, Earth Dahu
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 09/06/2026 11:00 · Modified 09/06/2026 11:00
  • UAC-0226
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 14:34 · Modified 21/12/2025 14:34