8220 Gang

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to intrusion sets

· Published 20/12/2025 21:42 · Modified 20/12/2025 21:42 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 20/12/2025 21:42
Modified: 20/12/2025 21:42
Updated at: 20/12/2025 21:42
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 1 reports, 26 attack patterns (mitre), 8 malware, 1 sectors, 2 countries, 89 indicators, 4 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal

3 CVEs 17 MITREs 4 Malwares 62 Observables 1 APT

Attack patterns (MITRE) (26)

T1110 uses

Brute Force MITRE
TA0003 uses

MITRE
T1569 uses

System Services MITRE
T1036 uses

Masquerading MITRE
T1016 uses

System Network Configuration Discovery MITRE
T1543 uses

Create or Modify System Process MITRE
T1059 uses

Command and Scripting Interpreter MITRE
T1595 uses

Active Scanning MITRE
T1053 uses

Scheduled Task/Job MITRE
T1021 uses

Remote Services MITRE
T1082 uses

System Information Discovery MITRE
T1190 uses

Exploit Public-Facing Application MITRE

← Previous

Page / 3

1–12 of 26

XMRig uses

Family
PwnRig uses

Family
IRC uses
Hadooken uses

Family
Tsunami IRC uses
Tsunami uses

Family
PureCrypter uses

Family
K4Spreader uses

Family

Sectors (1)

Technology targets

Countries (2)

Brazil targets
China targets

Indicators (89)

bashgo.pw indicates

stix 100/100 Revoked

· Valid until 15/05/2023 · Source: AlienVault
http://154.213.192.44/m1.xml indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault
76debe8c6e1cb3c066098cd6e95c5a3e7229c11cc64a62fc366c5e53f592c402 indicates

stix 100/100 Revoked

Unix.Downloader.Rocke-6826000-0 SHA256 of 7fa2baab95c40550164e5bfd4c4057e82a4b41ce

· Valid until 22/10/2023 · Source: AlienVault
givemexyz.in indicates

stix 100/100 Revoked

· Valid until 15/05/2023 · Source: AlienVault
https://app.sekoia.io/intelligence/public/objects/indicator--bd31bdad-81aa-4b3d… indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault
https://app.sekoia.io/intelligence/public/objects/indicator--0217a6ba-d55b-436b… indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault
pwndns.pw indicates

stix 100/100 Revoked

· Valid until 15/05/2023 · Source: AlienVault
f32185e3b5ed39dc6e9c6a0b8ad3c0c28fda2e96c916d457a50288b26aace0cf indicates

stix 100/100 Revoked

CoinMiner SHA256 of f712066871d6bede64a95a7636795e70fb3f8ac9

· Valid until 22/10/2023 · Source: AlienVault
dw.bpdeliver.ru indicates

stix 100/100 Revoked

· Valid until 06/06/2024 · Source: AlienVault
play.sck-dns.cc indicates

stix 100/100 Revoked

· Valid until 05/09/2025 · Source: AlienVault
https://app.sekoia.io/intelligence/public/objects/indicator--ae387077-65ff-4658… indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault
https://app.sekoia.io/intelligence/public/objects/indicator--30b7c383-00bb-41b7… indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault

← Previous

Page / 8

1–12 of 89

Vulnerabilities (CVE) (4)

CVE-2019-2725 KEV targets

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

Published: 10/01/2022
Modified: 20/12/2025

CVE-2023-46604 KEV targets

10.0 Critical

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to …

Attack vector: Network
Published: 02/11/2023
Modified: 21/12/2025

CVE-2017-10271 KEV targets

7.5 High

Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.

Attack vector: NETWORK
Complexity: LOW
Published: 19/10/2017
Modified: 22/04/2026

CWE-306

CVE-2020-14883 KEV targets

Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability.

Published: 03/11/2021
Modified: 20/12/2025

Contact About Legal notice Privacy policy Terms of use