216.73.216.36

Indicator (IOC)

stix AlienVault · Published 20/12/2025 19:57 · Modified 02/01/2026 12:01

Essential information

Value / Name
e356dbd3bd62c19fa3ff8943fc73a4fab01a6446f989318b7da4abf48d565af2
Confidence
100/100
Revoked
No
Valid from
21/07/2025 12:34
Valid until
17/07/2026 20:28
Pattern type
stix
Published
20/12/2025 19:57
Modified
02/01/2026 12:01
Author / Source
AlienVault

Description

ConventionEngine_Keyword_Spy

Pattern

[file:hashes.'SHA-256' = 'e356dbd3bd62c19fa3ff8943fc73a4fab01a6446f989318b7da4abf48d565af2']

Labels / Tags

Labels: antivirus exploitation apt apt41 backdoor china cve-2017-17562 cve-2017-9805 cve-2021-44228 cve-2022-26134 dcsync deed rat deedrat dll side-loading dll sideloading domain controllers espionage kelp netagent obfuscation persistence phishing policy influence space pirates

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (3)

  • APT41 Wicked PandaBrass Typhoon
    The MITRE Corporation Confidence 100

    [APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…

    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • Chinese APTs
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • Salt Typhoon
    The MITRE Corporation Confidence 100

    [Salt Typhoon](https://attack.mitre.org/groups/G1045) is a People's Republic of China (PRC) state-backed actor that has been active since at least 2019 and responsible for numerous compromises of network infrastructure at…

    First seen 01/01/1970 · Last seen 16/11/5138 ·