216.73.216.226

Indicator (IOC)

stix AlienVault · Published 29/01/2026 22:18 · Modified 06/03/2026 20:16

Essential information

Value / Name
5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b
Confidence
100/100
Revoked
No
Valid from
29/01/2026 22:08
Valid until
26/01/2027 06:02
Pattern type
stix
Published
29/01/2026 22:18
Modified
06/03/2026 20:16
Author / Source
AlienVault

Description

SUSP_RAR_NTFS_ADS

Pattern

[file:hashes.'SHA-256' = '5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b']

Labels / Tags

Labels: amaranth loader apt-41 cve-2025-8088 espionage government havoc c2 havoc c2 framework nestpacker phishing russia southeast asia stockstay telegram rat tgamaranth rat unc4895 windows startup winrar

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (2)

  • Amaranth-Dragon
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • UNC4895
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·