Indicator (IOC)

stix AlienVault · Published 20/12/2025 19:58 · Modified 27/03/2026 01:11

Essential information

Value / Name: 5a88a15a1d764e635462f78a0cd958b17e6d22c716740febc114a408eef66705
Confidence: 100/100
Revoked: No
Valid from: 03/09/2025 19:31
Valid until: 31/08/2026 03:25
Pattern type: stix
Published: 20/12/2025 19:58
Modified: 27/03/2026 01:11
Author / Source: AlienVault

Description

No description.

Pattern

[file:hashes.'SHA-256' = '5a88a15a1d764e635462f78a0cd958b17e6d22c716740febc114a408eef66705']

Labels / Tags

Labels: apt28 backdoor c2 critical infrastructure cve-2026-21509 cve-2026-21513 dll side-loading dll sideloading exfiltration minidoor nato notdoor obfuscation outlook outlook macros persistence powershell prismex prismexdrop prismexloader prismexstager registry modification steganography supply chain ukraine vba macro

Marking (TLP)

TLP:CLEAR