216.73.217.22

Cardinal

· Published 05/02/2026 21:39 · Modified 05/02/2026 21:39 · Source: AlienVault

Essential information

Confidence
100/100
Published
05/02/2026 21:39
Modified
05/02/2026 21:39
Updated at
05/02/2026 21:39
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
1 reports, 14 attack patterns (mitre), 2 malware, 6 indicators, 1 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Attack patterns (MITRE) (14)

  • T1543 uses
    Create or Modify System Process
  • T1566 uses
    Phishing
  • T1082 uses
    System Information Discovery
  • T1070 uses
    Indicator Removal
  • T1068 uses
    Exploitation for Privilege Escalation
  • T1078 uses
    Valid Accounts
  • T1204 uses
    User Execution
  • T1059 uses
    Command and Scripting Interpreter
  • T1190 uses
    Exploit Public-Facing Application
  • T1133 uses
    External Remote Services
  • T1055 uses
    Process Injection
  • T1562 uses
    Impair Defenses
  • T1486 uses
    Data Encrypted for Impact
  • T1083 uses
    File and Directory Discovery

Malware (2)

  • GotoHTTP uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 29/01/2026 17:47 · Modified 29/01/2026 17:47
  • Black Basta - S1070 uses
    Family
    Published 05/02/2026 20:21 · Modified 05/02/2026 20:21

Indicators (6)

Vulnerabilities (CVE) (1)

CVE-2025-68947
5.7 Medium

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and …

Attack vector
Local
Published
13/01/2026
Modified
05/02/2026
Awaiting Analysis