GLOBAL GROUP

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to intrusion sets

· Published 21/12/2025 15:37 · Modified 21/12/2025 15:37 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 15:37
Modified: 21/12/2025 15:37
Updated at: 21/12/2025 15:37
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 2 reports, 24 attack patterns (mitre), 3 malware, 2 sectors, 4 countries, 10 indicators, 4 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (2)

Tracking GLOBAL GROUP Ransomware from Mamona to Market …

4 CVEs 3 Malwares 6 Observables 1 APT
Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile …

17 MITREs 9 Observables 1 APT

Attack patterns (MITRE) (24)

T1573 uses

Encrypted Channel MITRE
T1082 uses

System Information Discovery MITRE
T1112 uses

Modify Registry MITRE
T1490 uses

Inhibit System Recovery MITRE
T1046 uses

Network Service Discovery MITRE
T1562.001 uses

Disable or Modify Tools MITRE
T1021.001 uses

Remote Desktop Protocol MITRE
T1071.001 uses

Web Protocols MITRE
T1568 uses

Dynamic Resolution MITRE
T1078.004 uses

Cloud Accounts MITRE
T1566 uses

Phishing MITRE
T1110 uses

Brute Force MITRE

← Previous

Page / 2

1–12 of 24

Mamona RIP uses

Family
Black Lock uses

Family
GLOBAL GROUP uses

Family

Sectors (2)

Healthcare targets
Legal targets

Countries (4)

United Kingdom of Great Britain and Northern Ireland targets
Australia targets
Brazil targets
United States of America targets

Indicators (10)

1f6640102f6472523830d69630def669dc3433bbb1c0e6183458bd792d420f8e indicates
gdbkvfe6g3whrzkdlbytksygk45zwgmnzh5i2xmqyo3mrpipysjagqyd.onion indicates
vg6xwkmfyirv3l6qtqus7jykcuvgx6imegb73hqny2avxccnmqt5m2id.onion indicates
a8c28bd6f0f1fe6a9b880400853fc86e46d87b69565ef15d8ab757979cd2cc73 indicates
b5e811d7c104ce8dd2509f809a80932540a21ada0ee9e22ac61d080dc0bd237d indicates
http://vg6xwkmfyirv3l6qtqus7jykcuvgx6imegb73hqny2avxccnmqt5m2id.onion/ indicates
http://vg6xwkmfyirv3l6qtqus7jykcuvgx6imegb73hqny2avxccnmqt5m2id.onion/\n indicates
28f3de066878cb710fe5d44f7e11f65f25328beff953e00587ffeb5ac4b2faa8 indicates
http://gdbkvfe6g3whrzkdlbytksygk45zwgmnzh5i2xmqyo3mrpipysjagqyd.onion/ indicates
232f86e26ced211630957baffcd36dd3bcd6a786f3d307127e1ea9a8b31c199f indicates

Vulnerabilities (CVE) (4)

CVE-2025-32433 KEV targets

10.0 Critical

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may …

Attack vector: Network
Published: 09/06/2025
Modified: 27/05/2026

Received

CVE-2025-22457 KEV targets

9.0 Critical

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before …

Attack vector: Network
Published: 04/04/2025
Modified: 21/12/2025

Received

CVE-2024-57727 KEV targets

7.5 High

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary …

Attack vector: Network
Published: 13/02/2025
Modified: 21/12/2025

Modified

CVE-2025-31324 KEV targets

10.0 Critical

SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries …

Attack vector: Network
Published: 29/04/2025
Modified: 21/12/2025

Received

Contact About Legal notice Privacy policy Terms of use

GLOBAL GROUP

Essential information

Description

Marking (TLP)

Related entities

Reports (2)

Attack patterns (MITRE) (24)

Malware (3)

Sectors (2)

Countries (4)

Indicators (10)

Vulnerabilities (CVE) (4)