QuietCrabs

Search IOCs, vulnerabilities, APT…

216.73.216.233

← Back to intrusion sets

· Published 21/12/2025 19:13 · Modified 21/12/2025 19:13 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 19:13
Modified: 21/12/2025 19:13
Updated at: 21/12/2025 19:13
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 1 reports, 17 attack patterns (mitre), 5 malware, 5 sectors, 8 countries, 75 indicators, 4 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Dragons in Thunder

4 CVEs 17 MITREs 5 Malwares 67 Observables 1 APT

Attack patterns (MITRE) (17)

T1082 uses

System Information Discovery MITRE
T1555 uses

Credentials from Password Stores MITRE
T1078 uses

Valid Accounts MITRE
T1055 uses

Process Injection MITRE
T1036 uses

Masquerading MITRE
T1497 uses

Virtualization/Sandbox Evasion MITRE
T1003 uses

OS Credential Dumping MITRE
T1087 uses

Account Discovery MITRE
T1486 uses

Data Encrypted for Impact MITRE
T1105 uses

Ingress Tool Transfer MITRE
T1136 uses

Create Account MITRE
T1033 uses

System Owner/User Discovery MITRE

← Previous

Page / 2

1–12 of 17

LockBit uses

Family
Babuk - S0638 uses

Family
Sliver uses

Family
Babyk uses

Family
KrustyLoader uses

Family

Sectors (5)

Healthcare targets
Defense targets
Manufacturing targets
Government targets
Technology targets

Countries (8)

Iran, Islamic Republic of targets
United States of America targets
Taiwan targets
Germany targets
Philippines targets
Czechia targets
Russian Federation targets
United Kingdom of Great Britain and Northern Ireland targets

Indicators (75)

check.learnstore.vip indicates
139.59.39.19 indicates
1a17367608e79dba1e63348e5d791ff1658621bf8799b0a81ec7dc26ab0b3b6d indicates
b8e56de3792dbd0f4239b54cfaad7ece3bd42affa4fbbdd7668492de548b5df8 indicates

stix 100/100 Revoked

Win.Malware.Trojanx-10035542-0 SHA256 of 17d65a9d8d40375b5b939b60f21eb06eb17054fc

· Valid until 11/05/2026 · Source: AlienVault
223.76.236.178 indicates
216.45.58.177 indicates
52ec5c307cc5ba5790434bbf334168d22ed8b7e20b304485ee6d27e790b5f62c indicates
138.68.94.205 indicates
15fbedc076f10b630e724ace21f6b7ef34235cf1e304089cd7e4e7047eb149f3 indicates
134.122.25.236 indicates
359eb9d53218b243653bcf9d64fd394302d2ea597dc43ca58289cfd604f12264 indicates
178.128.124.227 indicates

← Previous

Page / 7

1–12 of 75

Vulnerabilities (CVE) (4)

CVE-2021-27065 KEV targets

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Published: 03/11/2021
Modified: 20/12/2025

CVE-2025-4428 KEV targets

7.2 High

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute …

Attack vector: Network
Published: 19/05/2025
Modified: 21/12/2025

CVE-2025-53770 KEV targets

9.8 Critical

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware …

Attack vector: Network
Published: 20/07/2025
Modified: 21/12/2025

Analyzed

CVE-2025-4427 KEV targets

5.3 Medium

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources …

Attack vector: Network
Published: 19/05/2025
Modified: 21/12/2025

Contact About Legal notice Privacy policy Terms of use