216.73.217.22

GhostSec

· Published 21/12/2025 01:35 · Modified 21/12/2025 01:35 · Source: AlienVault

Essential information

Confidence
100/100
Published
21/12/2025 01:35
Modified
21/12/2025 01:35
Updated at
21/12/2025 01:35
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
14 attack patterns (mitre), 1 malware, 7 sectors, 1 countries, 16 indicators

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Attack patterns (MITRE) (14)

  • T1055 uses
    Process Injection
  • T1056 uses
    Input Capture
  • T1087 uses
    Account Discovery
  • T1059 uses
    Command and Scripting Interpreter
  • T1490 uses
    Inhibit System Recovery
  • Multi-Stage Channels uses
    T1104
  • T1036 uses
    Masquerading
  • T1071 uses
    Application Layer Protocol
  • T1112 uses
    Modify Registry
  • T1083 uses
    File and Directory Discovery
  • T1486 uses
    Data Encrypted for Impact
  • T1027 uses
    Obfuscated Files or Information
  • T1566 uses
    Phishing
  • T1070 uses
    Indicator Removal

Malware (1)

  • GhostLocker

Sectors (7)

  • Transportation targets
  • Energy targets
  • Manufacturing targets
  • Government targets
  • Telecommunications targets
  • Education targets
  • Technology targets

Countries (1)

  • Israel targets

Indicators (16)

  • 9b6be74c2c144f8bcb92c8350855d35c14bb7f2b727551c3dd5c8054c4136e3f indicates
  • a1b468e9550f9960c5e60f7c52ca3c058de19d42eafa760b9d5282eb24b7c55f indicates
  • http://88.218.61.141/incrementLaunches indicates
  • 8fa28795e4cd95e6c78c4a1308ea80674102669f9980b2006599d82eff6237b3 indicates
  • 36760e9bbfaf5a28ec7f85d13c7e8078a4ee4e5168b672639e97037d66eb1d17 indicates
  • 15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80 indicates
  • http://94.103.91.246/incrementLaunch indicates
  • 0e484560a909fc06b9987db73346efa0ca6750d523f2334913c23e061695f5cc indicates
  • http://94.103.91.246/addInfection indicates
  • 8b758ccdfbfa5ff3a0b67b2063c2397531cf0f7b3d278298da76528f443779e9 indicates
  • ee227cd0ef308287bc536a3955fd81388a16a0228ac42140e9cf308ae6343a3f indicates
  • 7e14d88f60fe80f8fa27076566fd77e51c7d04674973a564202b4a7cbfaf2778 indicates
  • http://88.218.62.219/download indicates
  • 663ac2d887df18e6da97dd358ebd2bca55404fd4a1c8c1c51215834fc6d11b33 indicates
  • http://88.218.61.141/add indicates
  • abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972 indicates