Indicator (IOC)

stix AlienVault · Published 21/12/2025 15:46 · Modified 21/12/2025 16:06

Essential information

Value / Name: 92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514
Confidence: 100/100
Revoked: No
Valid from: 22/07/2025 00:45
Valid until: 18/07/2026 08:39
Pattern type: stix
Published: 21/12/2025 15:46
Modified: 21/12/2025 16:06
Author / Source: AlienVault

Description

WEBSHELL_ASP_Runtime_Compile SHA256 of f5b60a8ead96703080e73a1f79c3e70ff44df271

Pattern

[file:hashes.'SHA-256' = '92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514']

Labels / Tags

Labels: apt authentication bypass backdoor china-aligned chinese threat actors cryptographic keys cve cve-2025-49704 cve-2025-49706 cve-2025-53770 cve-2025-53771 cybersecurity deserialization education exploit chain exploitation government healthcare in-memory payload microsoft sharepoint msil/webshell.js on-premises patch rce remote code execution sharepoint spoofing threat detection toolshell unauthenticated attacks

Marking (TLP)

TLP:CLEAR