216.73.217.22

Indicator (IOC)

stix Revoked AlienVault · Published 20/12/2025 23:25 · Modified 30/01/2026 09:19

Essential information

Value / Name
2fgithub.com
Confidence
100/100
Revoked
Yes
Valid from
28/03/2025 16:56
Valid until
23/08/2025 17:52
Pattern type
stix
Published
20/12/2025 23:25
Modified
30/01/2026 09:19
Author / Source
AlienVault

Description

No description.

Pattern

[domain-name:value = '2fgithub.com']

Labels / Tags

Labels: accellion fta asia badiis bitm black lotus browser-in-the-middle chinese-speaking cluster cobalt strike cybercrime data theft dll sideloading gotohttp gthost hiatusrat hyperhosting iis iis servers kvbotnet lnk lnk files lua script lumen ip meterpreter mips netgear prosafe payload server persistence phishing powershell

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (1)

  • Volt Typhoon BRONZE SILHOUETTEVanguard Panda
    The MITRE Corporation Confidence 100

    [Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021 primarily targeting critical infrastructure organizations in the US and …

    First seen 01/01/1970 · Last seen 16/11/5138 Published 16/12/2025 19:39 · Modified 04/05/2026 16:33