Proton66

Search IOCs, vulnerabilities, APT…

216.73.216.6

← Back to intrusion sets

· Published 21/12/2025 13:38 · Modified 21/12/2025 13:38 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 13:38
Modified: 21/12/2025 13:38
Updated at: 21/12/2025 13:38
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 2 reports, 25 attack patterns (mitre), 5 malware, 6 sectors, 9 countries, 42 indicators, 5 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (2)

Mass Scanning and Exploit Campaigns

5 CVEs 11 MITREs 1 Malware 22 Observables 1 APT
Proton66: Compromised WordPress Pages and Malware Campaigns

15 MITREs 4 Malwares 48 Observables 1 APT

Attack patterns (MITRE) (25)

T1566 uses

Phishing MITRE
T1078 uses

Valid Accounts MITRE
T1204.001 uses

Malicious Link MITRE
T1567 uses

Exfiltration Over Web Service MITRE
T1083 uses

File and Directory Discovery MITRE
T1074.001 uses

Local Data Staging MITRE
T1595 uses

Active Scanning MITRE
T1082 uses

System Information Discovery MITRE
T1129 uses

Shared Modules MITRE
T1490 uses

Inhibit System Recovery MITRE
T1140 uses

Deobfuscate/Decode Files or Information MITRE
T1204.002 uses

Malicious File MITRE

← Previous

Page / 3

13–24 of 25

Remcos uses

Family
WeaXor uses

Family
SuperBlack uses

Family
XWorm uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Strela Stealer uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

Sectors (6)

Retail targets
Technology targets
Healthcare targets
Manufacturing targets
Government targets
Finance targets

Countries (9)

United States of America targets
Switzerland targets
Greece targets
France targets
Germany targets
Luxembourg targets
Spain targets
Austria targets
Liechtenstein targets

Indicators (42)

http://my-tasjeel-ae.com/getfr.js indicates

stix 100/100 Revoked

· Valid until 02/07/2025 · Source: AlienVault
956934581dfdba96d69b77b14f6ab3228705862b2bd189cd98d6bfb9565d9570 indicates

stix 100/100 Revoked

· Valid until 14/04/2026 · Source: AlienVault
spain-playmarket.com indicates

stix 100/100 Revoked

· Valid until 13/09/2025 · Source: AlienVault
updatestore-spain.com indicates

stix 100/100 Revoked

· Valid until 13/09/2025 · Source: AlienVault
my-tasjeel-ae.com indicates

stix 100/100 Revoked

· Valid until 13/09/2025 · Source: AlienVault
spain-playstores.com indicates

stix 100/100 Revoked

· Valid until 13/09/2025 · Source: AlienVault
7d1de2f4ab7c35b53154dc490ad3e7ad19ff04cfaa10b1828beba1ffadbaf1ab indicates

stix 100/100 Revoked

· Valid until 14/04/2026 · Source: AlienVault
http://www-wpx.net/assets/core.js indicates

stix 100/100 Revoked

· Valid until 02/07/2025 · Source: AlienVault
7f2319f4e340b3877e34d5a06e09365f6356de5706e7a78e367934b8a58ed0e7 indicates

stix 100/100 Revoked

· Valid until 14/04/2026 · Source: AlienVault
a2f0e6f9c5058085eac1c9e7a8b2060b38fd8dbdcba2981283a5e224f346e147 indicates

stix 100/100 Revoked

· Valid until 14/04/2026 · Source: AlienVault
playstors-gr.com indicates

stix 100/100 Revoked

· Valid until 13/09/2025 · Source: AlienVault
playstors-france.com indicates

stix 100/100 Revoked

· Valid until 13/09/2025 · Source: AlienVault

← Previous

Page / 4

1–12 of 42

Vulnerabilities (CVE) (5)

CVE-2024-41713 KEV targets

9.1 Critical

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker …

Attack vector: Network
Published: 07/01/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2024-55591 KEV targets

9.8 Critical

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through …

Attack vector: Network
Published: 14/01/2025
Modified: 27/05/2026

Analyzed

CVE-2025-24472 KEV targets

8.1 High

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 …

Attack vector: Network
Published: 18/03/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2024-10914 targets