Indicator (IOC)

stix Revoked AlienVault · Published 21/12/2025 01:47 · Modified 21/12/2025 01:47

Essential information

Value / Name: https://occoman.com/wp-admin/css/colors/ocean/files/files/bossupdate
Confidence: 100/100
Revoked: Yes
Valid from: 07/11/2023 16:08
Valid until: 24/12/2023 16:08
Pattern type: stix
Published: 21/12/2025 01:47
Modified: 21/12/2025 01:47
Author / Source: AlienVault

Description

ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=fdb92fd0de3892fc2176220c6694f8eee61d4fa3, stripped 0d11eddaf91966691b06ea164eca834848c5cc6276ef8a29ec67cad71ba386e7

Pattern

[url:value = 'https://occoman.com/wp-admin/css/colors/ocean/files/files/bossupdate']

Labels / Tags

Labels: #allakorerat #apt36 #aresrat #cve-2023-38831 #drat #keyrat #sidecopy #winrar action action rat allakore allakore rat apt apt36 ares ares rat backnet capra crimson rat defense download drat india linux margulas oblique rat persistent phishing poseidon powershell

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.