216.73.216.6

Indicator (IOC)

stix Revoked AlienVault · Published 20/12/2025 23:47 · Modified 20/12/2025 23:47

Essential information

Value / Name
7943bf9cc7b2adf50f7f92dd37347381e6d0aef23b34a3cd0a3afcda1d72e16d
Confidence
100/100
Revoked
Yes
Valid from
30/03/2023 00:40
Valid until
02/07/2024 00:40
Pattern type
stix
Published
20/12/2025 23:47
Modified
20/12/2025 23:47
Author / Source
AlienVault

Description

#TrojanDownloader:O97M/Bartallex.gen!A SHA256 of 636f2c20183b45691b742949d49b3d6c218c9cce

Pattern

[file:hashes.'SHA-256' = '7943bf9cc7b2adf50f7f92dd37347381e6d0aef23b34a3cd0a3afcda1d72e16d']

Labels / Tags

Labels: android backdoor bypass user code signing crypto mining espionage ingress tool install digital mshta phishing run keys

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (1)

  • Kimsuky Black BansheeVelvet Chollima
    The MITRE Corporation Confidence 100

    [Kimsuky](https://attack.mitre.org/groups/G0094) is a North Korea-based cyber espionage group that has been active since at least 2012. The group initially targeted South Korean government agencies, think tanks, and subject-matter…

    First seen 01/01/1970 · Last seen 16/11/5138 ·