HeptaX

Search IOCs, vulnerabilities, APT…

216.73.217.22

← Back to intrusion sets

· Published 21/12/2025 07:28 · Modified 21/12/2025 07:28 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 07:28
Modified: 21/12/2025 07:28
Updated at: 21/12/2025 07:28
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 1 reports, 11 attack patterns (mitre), 1 malware, 1 sectors, 16 indicators, 5 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Unauthorized RDP Connections For Cyberespionage Operations

11 MITREs 1 Malware 1 APT

Attack patterns (MITRE) (11)

T1059.001 uses

PowerShell MITRE
T1098 uses

Account Manipulation MITRE
T1105 uses

Ingress Tool Transfer MITRE
T1027 uses

Obfuscated Files or Information MITRE
T1566 uses

Phishing MITRE
T1082 uses

System Information Discovery MITRE
T1547.001 uses

Registry Run Keys / Startup Folder MITRE
T1555.003 uses

Credentials from Web Browsers MITRE
T1204.001 uses

Malicious Link MITRE
T1071 uses

Application Layer Protocol MITRE
T1548 uses

Abuse Elevation Control Mechanism MITRE

Malware (1)

ChromePass uses

Family

Sectors (1)

Healthcare targets

Indicators (16)

1d82927ab19db7e9f418fe6b83cf61187d19830b9a7f58072eedfd9bdf628dab indicates
18e75bababa1176ca1b25f727c0362e4bb31ffc19c17e2cabb6519e6ef9d2fe5 indicates
http://157.173.104.153/up/bait/202409_Resident_Care_Quality_Improvement_Strategies_for_Nursing_Homes_Enhancing_Patient_Satisfaction_and_Health_Outcomes.pdf indicates
http://157.173.104.153/up/index.php?uid=$uid&msg=UAC indicates
a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 indicates

stix 100/100 Revoked

Trojan:Win32/CoinMiner.AQ

· Valid until 28/09/2025 · Source: AlienVault
http://157.173.104.153/up/get-command.php indicates
a8d577bf773f753dfb6b95a3ef307f8b4d9ae17bf86b95dcbb6b2fb638a629b9 indicates
0e2263d4f239a5c39960ffa6b6b688faa7fc3075e130fe0d4599d5b95ef20647 indicates

stix 100/100 Revoked

Trojan.Agent-134041 SHA256 of bbcf7a68f4164a9f5f5cb2d9f30d9790

· Valid until 28/09/2025 · Source: AlienVault
c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0 indicates

stix 100/100 Revoked

sandboxdetect_misc

· Valid until 28/09/2025 · Source: AlienVault
http://157.173.104.153/up/get-command.php?uid= indicates
http://157.173.104.153/up/Tool/ChromePass.exe indicates
6605178dbc4d84e789e435915e86a01c5735f34b7d18d626b2d8810456c4bc72 indicates

← Previous

Page / 2

1–12 of 16

Vulnerabilities (CVE) (5)

CVE-2024-21893 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …

Attack vector: Network
Published: 31/01/2024
Modified: 27/05/2026

CVE-2021-44228 KEV targets

10.0 Critical

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Attack vector: Network
Published: 10/12/2021
Modified: 27/05/2026

CVE-2024-21887 KEV targets

9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2023-46805 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2017-11882 KEV targets

7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector: Local
Complexity: Low
Published: 15/11/2017
Modified: 29/05/2026

CWE-119

Contact About Legal notice Privacy policy Terms of use