ITG05

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to intrusion sets

· Published 21/12/2025 03:42 · Modified 21/12/2025 03:43 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 03:42
Modified: 21/12/2025 03:43
Updated at: 21/12/2025 03:43
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 17 attack patterns (mitre), 3 malware, 7 countries, 33 indicators, 5 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Attack patterns (MITRE) (17)

T1027.002 uses

Software Packing MITRE
T1027 uses

Obfuscated Files or Information MITRE
T1056 uses

Input Capture MITRE
T1059 uses

Command and Scripting Interpreter MITRE
T1003 uses

OS Credential Dumping MITRE
T1071.004 uses

DNS MITRE
T1071.001 uses

Web Protocols MITRE
T1566.001 uses

Spearphishing Attachment MITRE
T1071 uses

Application Layer Protocol MITRE
T1568 uses

Dynamic Resolution MITRE
T1140 uses

Deobfuscate/Decode Files or Information MITRE
T1568.002 uses

Domain Generation Algorithms MITRE

← Previous

Page / 2

1–12 of 17

MASEPIE uses
OCEANMAP uses
STEELHOOK uses

Countries (7)

Kazakhstan targets
Argentina targets
Belarus targets
United States of America targets
South Georgia and the South Sandwich Islands targets
Ukraine targets
Georgia targets

Indicators (33)

ua-calendar.firstcloudit.com indicates
eecommission.firstcloudit.com indicates
nas-files.firstcloudit.com indicates
calendarua.firstcloudit.com indicates
e-military.firstcloudit.com indicates
e-nas.firstcloudit.com indicates
e-gov-am.firstcloudit.com indicates
calendar-ua.firstcloudit.com indicates
40a7fd89b9e51b0a515ac2355036d203357be90a2200b9c506b95c12db54c7aa indicates
presidencia-files.firstcloudit.com indicates
451f3d427ac21632f38619ef96dece25798918866d44fe82ff1ed30996f998dc indicates
gcsd.firstcloudit.com indicates

← Previous

Page / 3

1–12 of 33

Vulnerabilities (CVE) (5)

CVE-2023-35636 targets

6.5 Medium

Microsoft Outlook Information Disclosure Vulnerability

Attack vector: NETWORK
Published: 12/12/2023
Modified: 21/12/2025

CVE-2024-21413 KEV targets

9.8 Critical

Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an …

Attack vector: Network
Published: 06/02/2025
Modified: 21/12/2025

CVE-2023-20078 targets

9.8 Critical

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code …

Attack vector: NETWORK
Published: 03/03/2023
Modified: 21/12/2025

CVE-2023-23397 KEV targets

9.8 Critical

Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the …

Attack vector: Network
Published: 14/03/2023
Modified: 21/12/2025

CVE-2024-21410 KEV targets

9.8 Critical

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Attack vector: Network
Published: 15/02/2024
Modified: 21/12/2025

Contact About Legal notice Privacy policy Terms of use

ITG05

Essential information

Description

Marking (TLP)

Related entities

Attack patterns (MITRE) (17)

Malware (3)

Countries (7)

Indicators (33)

Vulnerabilities (CVE) (5)