Indicator (IOC)

stix Revoked AlienVault · Published 20/12/2025 19:40 · Modified 21/12/2025 01:19

Essential information

Value / Name: https://ocmtancmi2c5t.xyz/82z2fn2afo/b3/update.msi
Confidence: 100/100
Revoked: Yes
Valid from: 01/09/2023 15:37
Valid until: 18/10/2023 15:37
Pattern type: stix
Published: 20/12/2025 19:40
Modified: 21/12/2025 01:19
Author / Source: AlienVault

Description

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 14:06:51 2020, Security: 0, Code page: 1252, Revision Number: {94224AA3-26E6-468B-88D7-094689CA5B5B}, Number of Words: 10, Subject: Installation Assistant S54FCF1E7-E6A4-478B-u7tmn7rcpfvzbyy, Author: p9mc6m, Last Saved By: p9mc6m, Name of Creating Application: Installation Assistant S54FCF1E7-E6A4-478B-u7tmn7rcpfvzbyy, Template: ;1 4fc609aab3c404ae776ebdd60f1dbf1d0f0b3aa7aeace20b61b8c64335fd06c9

Pattern

[url:value = 'https://ocmtancmi2c5t.xyz/82z2fn2afo/b3/update.msi']

Labels / Tags

Labels: amadey, defense evasion, fake update, idat injector, idat loader, lumma, msi downloader, msi package

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.