216.73.217.22

Indicator (IOC)

stix AlienVault · Published 20/12/2025 23:40 · Modified 21/12/2025 17:10

Essential information

Value / Name
afb2d4d88f59e528f0e388705113ae54b7b97db4f03a35ae43cc386a48f263a0
Confidence
100/100
Revoked
No
Valid from
04/09/2025 19:54
Valid until
01/09/2026 03:48
Pattern type
stix
Published
20/12/2025 23:40
Modified
21/12/2025 17:10
Author / Source
AlienVault

Description

Win64:TrojanX-gen\ [Trj]

Pattern

[file:hashes.'SHA-256' = 'afb2d4d88f59e528f0e388705113ae54b7b97db4f03a35ae43cc386a48f263a0']

Labels / Tags

Labels: 3proxy andariel apt45 bitcoin clickfix contagiousdrop cryptocurrency cyber espionage dprk h0lygh0st infrastructure monitoring job seeker targeting lazarus maui maui ransomware north korea onyx sleet proton mail rifle rogueye shatteredglass silent chollima social engineering stonefly x-popup

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (2)

  • APT45
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • Contagious Interview Gwisin GangTAG-121
    The MITRE Corporation Confidence 100

    [Contagious Interview](https://attack.mitre.org/groups/G1052) is a North Korea–aligned threat group active since 2023. The group conducts both cyberespionage and financially motivated operations, including the theft of cryptocurrency and user credentials.…

    First seen 01/01/1970 · Last seen 16/11/5138 ·