HeptaX

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to intrusion sets

· Published 21/12/2025 07:28 · Modified 21/12/2025 07:28 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 07:28
Modified: 21/12/2025 07:28
Updated at: 21/12/2025 07:28
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 1 reports, 11 attack patterns (mitre), 1 malware, 1 sectors, 16 indicators, 5 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Unauthorized RDP Connections For Cyberespionage Operations

11 MITREs 1 Malware 1 APT

Attack patterns (MITRE) (11)

T1059.001 uses

PowerShell MITRE
T1098 uses

Account Manipulation MITRE
T1105 uses

Ingress Tool Transfer MITRE
T1027 uses

Obfuscated Files or Information MITRE
T1566 uses

Phishing MITRE
T1082 uses

System Information Discovery MITRE
T1547.001 uses

Registry Run Keys / Startup Folder MITRE
T1555.003 uses

Credentials from Web Browsers MITRE
T1204.001 uses

Malicious Link MITRE
T1071 uses

Application Layer Protocol MITRE
T1548 uses

Abuse Elevation Control Mechanism MITRE

Malware (1)

ChromePass uses

Family

Sectors (1)

Healthcare targets

Indicators (16)

http://157.173.104.153/up/scheduler-oncex indicates
http://157.173.104.153/up/index.php indicates
999f521ac605427945035a6d0cd0a0847f4a79413a4a7b738309795fd21d3432 indicates
4b127e7b83148bfbe56bd83e4b95b2a4fdb69e1c9fa4e0c021a3bfb7b02d8a16 indicates

← Previous

Page / 2

13–16 of 16

Vulnerabilities (CVE) (5)

CVE-2024-21893 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …

Attack vector: Network
Published: 31/01/2024
Modified: 27/05/2026

CVE-2021-44228 KEV targets

10.0 Critical

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Attack vector: Network
Published: 10/12/2021
Modified: 27/05/2026

CVE-2024-21887 KEV targets

9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2023-46805 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2017-11882 KEV targets

7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector: Local
Complexity: Low
Published: 15/11/2017
Modified: 29/05/2026

CWE-119

Contact About Legal notice Privacy policy Terms of use