mimo

Search IOCs, vulnerabilities, APT…

216.73.216.226

← Back to intrusion sets

· Published 21/12/2025 02:49 · Modified 21/12/2025 15:15 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 02:49
Modified: 21/12/2025 15:15
Updated at: 21/12/2025 15:15
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 2 reports, 26 attack patterns (mitre), 8 malware, 1 sectors, 2 countries, 25 indicators, 10 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (2)

Religious symbols weaponized, group uses Microsoft SharePoint RCE …

4 CVEs 8 MITREs 1 Malware 2 Observables 1 APT
The Sharp Taste of Mimo'lette: Analyzing Mimo's Latest …

2 CVEs 8 MITREs 3 Malwares 8 Observables 1 APT

Attack patterns (MITRE) (26)

T1497 uses

Virtualization/Sandbox Evasion MITRE
T1505.003 uses

Web Shell MITRE
T1140 uses

Deobfuscate/Decode Files or Information MITRE
T1566.001 uses

Spearphishing Attachment MITRE
T1059.004 uses

Unix Shell MITRE
T1083 uses

File and Directory Discovery MITRE
T1059.001 uses

PowerShell MITRE
T1090 uses

Proxy MITRE
T1055 uses

Process Injection MITRE
T1210 uses

Exploitation of Remote Services MITRE
T1562 uses

Impair Defenses MITRE
T1547.001 uses

Registry Run Keys / Startup Folder MITRE

← Previous

Page / 3

1–12 of 26

Mimo uses
IPRoyal uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Mimus uses
CoinMiner uses

Family
Minus Ransomware uses

Family
4L4MD4r uses

Family
XMRig uses

Family
Batch uses

Sectors (1)

Healthcare targets

Countries (2)

Italy targets
Lebanon targets

Indicators (25)

c17e1a22b7bc00e591aede9d101b843ff2e47d5b582bb0628406bbd53b7dac78 indicates

stix 100/100 Revoked

SHA256 of bfa626e053028f9adbfaceb5d56086c3

· Valid until 23/04/2025 · Source: AlienVault
fc04f1ef05847607bce3b0ac3710c80c5ae238dcc7fd842cd15e252c18dd7a62 indicates

stix 100/100 Revoked

· Valid until 24/05/2026 · Source: AlienVault
4a61ac7595350ef0b163787b175cecc4e7ee9774d288770fa0ea0289b1d83548 indicates

stix 100/100 Revoked

SHA256 of c25972604121f4c6a7f8025e4e575c7c

· Valid until 23/04/2025 · Source: AlienVault
https://ice.theinnovationfactory.it/static/4l4md4r.exe indicates

stix 100/100 Revoked

· Valid until 17/09/2025 · Source: AlienVault
91f6f3c11c9a2cfff09dd7be94c2c82314d341d6fb9bc7ac3be04cb235bafc55 indicates

stix 100/100 Revoked

SUSP_ENV_Folder_Root_File_Jan23_1 SHA256 of 5e0f18dfe16f274d34716d011e0a3f39

· Valid until 23/04/2025 · Source: AlienVault
3b326a3e4f0a03db859feeed7e4e3a832acdaeaf8b2cd69ecc0dce73c1a225c9 indicates

stix 100/100 Revoked

SUSP_ENV_Folder_Root_File_Jan23_1 SHA256 of a3ffb336aee9f01275c92ac529c8f70e

· Valid until 23/04/2025 · Source: AlienVault
0aa7571d06532fea194a62091a812557a8f8b8d616ffd923df766a4871f4a918 indicates

stix 100/100 Revoked

___FilesToHash_17jun SHA256 of dd6931fda2df843249a5df40b8808387

· Valid until 23/04/2025 · Source: AlienVault
2c923d8b553bde8ce3167fe83f35a40a712e2bed2b76ebaf5e3e63642d551389 indicates

stix 100/100 Revoked

SHA256 of 61def7b3b98458a40fffa42a19ddf258

· Valid until 23/04/2025 · Source: AlienVault
366b32c15ff2b30da5cafc1407e6dc49aa4bbecffc34c438302022acd1c00b8e indicates

stix 100/100 Revoked

ALF:Trojan:Win32/CoinMiner.D SHA256 of 3edcde37dcecb1b5a70b727ea36521de

· Valid until 23/04/2025 · Source: AlienVault
[email protected] indicates

stix 100/100 Revoked

· Valid until 03/05/2025 · Source: AlienVault
15Jz1fmreZx9wG93DKjTXMhuLpPpCgvEQk indicates

stix 100/100 Revoked

· Valid until 03/05/2025 · Source: AlienVault
n1tr0.online indicates

stix 100/100 Revoked

· Valid until 22/10/2025 · Source: AlienVault

← Previous

Page / 3

1–12 of 25

Vulnerabilities (CVE) (10)

CVE-2022-26134 KEV targets

Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …

Published: 02/06/2022
Modified: 27/05/2026

CVE-2023-46604 KEV targets

10.0 Critical

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to …

Attack vector: Network
Published: 02/11/2023
Modified: 21/12/2025

CVE-2025-49706 KEV targets

6.5 Medium

Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully exploitation could allow …

Attack vector: Network
Published: 22/07/2025
Modified: 21/12/2025

CVE-2025-49704 KEV targets

8.8 High

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could …

Attack vector: Network
Published: 22/07/2025
Modified: 21/12/2025

CVE-2022-29464 KEV targets

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.

Published: 25/04/2022
Modified: 20/12/2025

CVE-2025-53771 targets

6.5 Medium

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing …

Attack vector: NETWORK
Published: 21/07/2025
Modified: 21/12/2025

Received

CVE-2025-53770 KEV targets

9.8 Critical

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …

Attack vector: Network
Published: 20/07/2025
Modified: 21/12/2025

Analyzed

CVE-2024-46483 targets

9.8 Critical

Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to …

Attack vector: NETWORK
Published: 23/10/2024
Modified: 21/12/2025

Awaiting Analysis

CVE-2025-32432 KEV targets

10.0 Critical

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before …

Attack vector: NETWORK
Complexity: LOW
Published: 25/04/2025
Modified: 27/03/2026

CWE-94 Received

CVE-2021-44228 KEV targets

10.0 Critical

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Attack vector: Network
Published: 10/12/2021
Modified: 27/05/2026

Contact About Legal notice Privacy policy Terms of use

mimo

Essential information

Description

Marking (TLP)

Related entities

Reports (2)

Attack patterns (MITRE) (26)

Malware (8)

Sectors (1)

Countries (2)

Indicators (25)

Vulnerabilities (CVE) (10)