Candiru

Search IOCs, vulnerabilities, APT…

216.73.217.22

← Back to intrusion sets

· Published 20/12/2025 21:25 · Modified 20/12/2025 21:25 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 20/12/2025 21:25
Modified: 20/12/2025 21:25
Updated at: 20/12/2025 21:25
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 35 attack patterns (mitre), 4 malware, 10 sectors, 20 countries, 59 indicators, 5 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Attack patterns (MITRE) (35)

T1055 uses

Process Injection
T1189 uses

Drive-by Compromise
Exploits uses

T1588.005
T1553.002 uses

Code Signing
T1583.001 uses

Domains
T1203 uses

Exploitation for Client Execution
T1056 uses

Input Capture
T1560 uses

Archive Collected Data
T1608.004 uses

Drive-by Target
T1068 uses

Exploitation for Privilege Escalation
T1140 uses

Deobfuscate/Decode Files or Information
T1123 uses

Audio Capture
T1592 uses

Gather Victim Host Information
T1003 uses

OS Credential Dumping
T1059 uses

Command and Scripting Interpreter
T1589 uses

Gather Victim Identity Information
T1027 uses

Obfuscated Files or Information
T1078 uses

Valid Accounts
T1555 uses

Credentials from Password Stores
T1071.001 uses

Web Protocols
T1584.004 uses

Server
T1014 uses

Rootkit
T1057 uses

Process Discovery
T1005 uses

Data from Local System
T1083 uses

File and Directory Discovery
T1059.005 uses

Visual Basic
T1583.004 uses

Server
T1566 uses

Phishing
T1113 uses

Screen Capture
T1071 uses

Application Layer Protocol
T1566.001 uses

Spearphishing Attachment
T1588.001 uses

Malware
T1190 uses

Exploit Public-Facing Application
T1115 uses

Clipboard Data
T1547 uses

Boot or Logon Autostart Execution

Malware (4)

DevilsTongue
Candiru
Karkadann
CHAINSHOT

Sectors (10)

Embassy targets
Healthcare services targets
Tech targets
Defense targets
Ministries of foreign affairs targets
Electricity targets
Finance targets
Aerospace targets
Media targets
Government targets

Countries (20)

Saudi Arabia targets
China targets
Uzbekistan targets
Palestine targets
Armenia targets
Lebanon targets
Turkey targets
Singapore targets
Indonesia targets
United States of America targets
Iran, Islamic Republic of targets
Israel targets
Yemen targets
Russian Federation targets
United Kingdom of Great Britain and Northern Ireland targets
Spain targets
Azerbaijan targets
Hungary targets
Albania targets
United Arab Emirates targets

Indicators (59)

doubleclick.ac indicates
livesession.bid indicates
rebrandly.site indicates
https://www.smc.gov.ye/wp-includes/js/wp-embed.min.js indicates
url-tiny.co indicates
only-music.net indicates
bootstrapcdn.net indicates
bitly.tw indicates
bitly.bz indicates
bitly.zone indicates
bitly.tel indicates
engagebay.cc indicates
tinyurl.ist indicates
https://rebrandly.site/reconnect-api.php indicates
webfx.cc indicates
https://cuturl.space/1hm39t indicates
livesesion.bid indicates
llink.link indicates
tinyurl.one indicates
webfx.bz indicates
stylishblock.com indicates
integrity-labs.ltd indicates
cuturl.space indicates
bit-ly.site indicates
sitei-mprove.net indicates
bad-shop.net indicates
querylight.net indicates
piwiks.com indicates
fonts-gstatic.net indicates
site-improve.net indicates
shortlinkcut.link indicates
tinyurl.plus indicates
visitortrack.net indicates
medica-tradefair.co indicates
core-update.com indicates
bestcarent.org indicates
expertglobal.org indicates
https://visitortrack.net/sliders.js indicates
sherathis.com indicates
8d486f0c6a0d5089e96f08622047337e387faf63ae858379292a764811e55625 indicates
addthis.events indicates
https://webfex.bz/f/gstats indicates
tinyurl.photos indicates
smartstand.org indicates
hotjar.net indicates
yektenet.com indicates
static-doubleclick.net indicates
code-afsanalytics.com indicates
https://piwiks.com/reconnect.js indicates
webfex.bz indicates
webs-update.com indicates
https://cuturl.space/lty7uw indicates
tinyurl.bz indicates
popsonglist.com indicates
useproof.cc indicates
webffx.bz indicates
https://useproof.cc/1tUAE7A2Jn8WMmq/api indicates
instagrarn.co indicates
datanalytic.org indicates

Vulnerabilities (CVE) (5)

CVE-2021-21166 KEV

Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Published: 03/11/2021
Modified: 21/12/2025

CVE-2022-2294 KEV

WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform …

Published: 25/08/2022
Modified: 20/12/2025

CVE-2021-30551 KEV

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted …

Published: 03/11/2021
Modified: 21/12/2025

CVE-2021-33742 KEV

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.

Published: 03/11/2021
Modified: 21/12/2025

CVE-2021-1844

8.8 High

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. …

Attack vector: NETWORK
Published: 02/04/2021
Modified: 21/12/2025

Contact About Legal notice Privacy policy Terms of use