8220 Gang

Search IOCs, vulnerabilities, APT…

216.73.216.226

← Back to intrusion sets

· Published 20/12/2025 21:42 · Modified 20/12/2025 21:42 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 20/12/2025 21:42
Modified: 20/12/2025 21:42
Updated at: 20/12/2025 21:42
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 1 reports, 26 attack patterns (mitre), 8 malware, 1 sectors, 2 countries, 89 indicators, 4 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Hadooken and K4Spreader: The 8220 Gang's Latest Arsenal

3 CVEs 17 MITREs 4 Malwares 62 Observables 1 APT

Attack patterns (MITRE) (26)

T1071.001 uses

Web Protocols MITRE
T1078 uses

Valid Accounts MITRE
T1608 uses

Stage Capabilities MITRE
T1105 uses

Ingress Tool Transfer MITRE
T1027 uses

Obfuscated Files or Information MITRE
T1018 uses

Remote System Discovery MITRE
T1496 uses

Resource Hijacking MITRE
T1132 uses

Data Encoding MITRE
T1525 uses

Implant Internal Image MITRE
T1566 uses

Phishing MITRE
T1021.004 uses

SSH MITRE
T1592 uses

Gather Victim Host Information MITRE

← Previous

Page / 3

13–24 of 26

XMRig uses

Family
PwnRig uses

Family
IRC uses
Hadooken uses

Family
Tsunami IRC uses
Tsunami uses

Family
PureCrypter uses

Family
K4Spreader uses

Family

Sectors (1)

Technology targets

Countries (2)

Brazil targets
China targets

Indicators (89)

bashgo.pw indicates

stix 100/100 Revoked

· Valid until 15/05/2023 · Source: AlienVault
http://154.213.192.44/m1.xml indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault
76debe8c6e1cb3c066098cd6e95c5a3e7229c11cc64a62fc366c5e53f592c402 indicates

stix 100/100 Revoked

Unix.Downloader.Rocke-6826000-0 SHA256 of 7fa2baab95c40550164e5bfd4c4057e82a4b41ce

· Valid until 22/10/2023 · Source: AlienVault
givemexyz.in indicates

stix 100/100 Revoked

· Valid until 15/05/2023 · Source: AlienVault
https://app.sekoia.io/intelligence/public/objects/indicator--bd31bdad-81aa-4b3d… indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault
https://app.sekoia.io/intelligence/public/objects/indicator--0217a6ba-d55b-436b… indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault
pwndns.pw indicates

stix 100/100 Revoked

· Valid until 15/05/2023 · Source: AlienVault
f32185e3b5ed39dc6e9c6a0b8ad3c0c28fda2e96c916d457a50288b26aace0cf indicates

stix 100/100 Revoked

CoinMiner SHA256 of f712066871d6bede64a95a7636795e70fb3f8ac9

· Valid until 22/10/2023 · Source: AlienVault
dw.bpdeliver.ru indicates

stix 100/100 Revoked

· Valid until 06/06/2024 · Source: AlienVault
play.sck-dns.cc indicates

stix 100/100 Revoked

· Valid until 05/09/2025 · Source: AlienVault
https://app.sekoia.io/intelligence/public/objects/indicator--ae387077-65ff-4658… indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault
https://app.sekoia.io/intelligence/public/objects/indicator--30b7c383-00bb-41b7… indicates

stix 100/100 Revoked

· Valid until 17/11/2024 · Source: AlienVault

← Previous

Page / 8

1–12 of 89

Vulnerabilities (CVE) (4)

CVE-2019-2725 KEV targets

Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

Published: 10/01/2022
Modified: 20/12/2025

CVE-2023-46604 KEV targets

10.0 Critical

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to …

Attack vector: Network
Published: 02/11/2023
Modified: 21/12/2025

CVE-2017-10271 KEV targets

7.5 High

Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.

Attack vector: NETWORK
Complexity: LOW
Published: 19/10/2017
Modified: 22/04/2026

CWE-306

CVE-2020-14883 KEV targets

Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability.

Published: 03/11/2021
Modified: 20/12/2025

Contact About Legal notice Privacy policy Terms of use