216.73.216.6

Indicator (IOC)

stix Revoked AlienVault · Published 20/12/2025 19:43 · Modified 30/01/2026 18:51

Essential information

Value / Name
chaingrown.com
Confidence
100/100
Revoked
Yes
Valid from
04/09/2025 19:54
Valid until
30/01/2026 18:50
Pattern type
stix
Published
20/12/2025 19:43
Modified
30/01/2026 18:51
Author / Source
AlienVault

Description

No description.

Pattern

[domain-name:value = 'chaingrown.com']

Labels / Tags

Labels: apt clickfix comebacker contagiousdrop cross-platform cryptocurrency cyber espionage fake companies infrastructure monitoring job seeker targeting lazarus malware moonstone sleet north korea pycryptoconf pycryptoenv pypi python quasarlib ransomware social engineering supply chain swapmempool typosquatting

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (2)

  • APT-C-26 (Lazarus)
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • Moonstone Sleet Storm-1789
    The MITRE Corporation Confidence 100

    [Moonstone Sleet](https://attack.mitre.org/groups/G1036) is a North Korean-linked threat actor executing both financially motivated attacks and espionage operations. The group previously overlapped significantly with another North Korean-linked entity, [Lazarus Group](https://attack.mitre.org/groups/G0032),…

    First seen 01/01/1970 · Last seen 16/11/5138 ·