216.73.217.22

Matrix

· Published 21/12/2025 08:35 · Modified 21/12/2025 08:35 · Source: AlienVault

Essential information

Confidence
100/100
Published
21/12/2025 08:35
Modified
21/12/2025 08:35
Updated at
21/12/2025 08:35
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
1 reports, 17 attack patterns (mitre), 3 malware, 2 sectors, 2 countries, 7 indicators, 11 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Attack patterns (MITRE) (17)

  • T1005 uses
    Data from Local System
  • T1543 uses
    Create or Modify System Process
  • T1036 uses
    Masquerading
  • T1046 uses
    Network Service Discovery
  • T1573 uses
    Encrypted Channel
  • T1078 uses
    Valid Accounts
  • T1102 uses
    Web Service
  • T1496 uses
    Resource Hijacking
  • T1110 uses
    Brute Force
  • T1562.001 uses
    Disable or Modify Tools
  • T1498 uses
    Network Denial of Service
  • T1135 uses
    Network Share Discovery
  • T1190 uses
    Exploit Public-Facing Application
  • SSH Hijacking uses
    T1563.001
  • T1554 uses
    Compromise Host Software Binary
  • T1210 uses
    Exploitation of Remote Services
  • T1059.006 uses
    Python

Malware (3)

  • Mirai uses
    Family
    Published 21/05/2026 23:03 · Modified 21/05/2026 23:03
  • DiscordGo uses
    Family
    Published 27/11/2024 18:19 · Modified 27/11/2024 18:19
  • PYbot uses
    Family
    Published 27/11/2024 18:19 · Modified 27/11/2024 18:19

Sectors (2)

  • Technology targets
  • Telecommunications targets

Countries (2)

  • China targets
  • Japan targets

Indicators (7)

Vulnerabilities (CVE) (11)

CVE-2018-10561 KEV

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.

Published
31/03/2022
Modified
20/12/2025
CVE-2014-8361 KEV
9.8 Critical

Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via …

Attack vector
NETWORK
Complexity
LOW
Published
01/05/2015
Modified
22/04/2026
CVE-2022-30525 KEV

A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and …

Published
16/05/2022
Modified
20/12/2025
CVE-2022-30075
8.8 High

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code …

Attack vector
NETWORK
Published
09/06/2022
Modified
21/12/2025
CVE-2017-17106
10.0 Critical

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This …

Published
19/12/2017
Modified
13/05/2026
CVE-2021-20090 KEV

Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This …

Published
03/11/2021
Modified
21/12/2025
CVE-2018-10562 KEV

Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.

Published
31/03/2022
Modified
20/12/2025
CVE-2024-27348 KEV
9.8 Critical

RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended …

Attack vector
Network
Published
18/09/2024
Modified
21/12/2025
Awaiting Analysis
CVE-2017-18368 KEV

Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user …

Published
07/08/2023
Modified
20/12/2025