216.73.216.233

Indicator (IOC)

stix Revoked AlienVault · Published 21/12/2025 00:57 · Modified 21/12/2025 06:10

Essential information

Value / Name
01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd
Confidence
100/100
Revoked
Yes
Valid from
28/08/2024 16:04
Valid until
01/12/2025 15:04
Pattern type
stix
Published
21/12/2025 00:57
Modified
21/12/2025 06:10
Author / Source
AlienVault

Description

research_pe_signed_outside_timestamp

Pattern

[file:hashes.'SHA-256' = '01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd']

Labels / Tags

Labels: anydesk authentication blackbyte 2.0 blackbytent byovd cert polska cisa ck techniques cobalt strike cozybear cve-2024-37085 d0nut defense evasion diplomatic orbiter encrypt esxi server exbyte graphicalproton hive mimikatz ncsc powershell powersploit proxyshell vulnerabilities psexec ransomware rclone sftp server sorefang systembc

Marking (TLP)

TLP:CLEAR

Related entities

Reports and intrusion sets linked to this IOC.

Intrusion sets (2)

  • BlackByte Hecamede
    The MITRE Corporation Confidence 100

    [BlackByte](https://attack.mitre.org/groups/G1043) is a ransomware threat actor operating since at least 2021. [BlackByte](https://attack.mitre.org/groups/G1043) is associated with several versions of ransomware also labeled [BlackByte Ransomware](https://attack.mitre.org/software/S1180). [BlackByte](https://attack.mitre.org/groups/G1043) ransomware operations initially used…

    First seen 01/01/1970 · Last seen 16/11/5138 ·
  • Diplomatic Orbiter
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 ·