216.73.217.22

RansomHub

· Published 21/12/2025 04:35 · Modified 21/12/2025 04:35 · Source: AlienVault

Essential information

Confidence
100/100
Published
21/12/2025 04:35
Modified
21/12/2025 04:35
Updated at
21/12/2025 04:35
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
7 reports, 72 attack patterns (mitre), 20 malware, 16 sectors, 3 countries, 89 indicators, 9 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (7)

Attack patterns (MITRE) (72)

  • T1098 uses
    Account Manipulation
  • T1036.004 uses
    Masquerade Task or Service
  • T1055 uses
    Process Injection
  • Exploits uses
    T1588.005
  • T1562.004 uses
    Disable or Modify System Firewall
  • T1003 uses
    OS Credential Dumping
  • T1578 uses
    Modify Cloud Compute Infrastructure
  • T1059.001 uses
    PowerShell
  • T1222 uses
    File and Directory Permissions Modification
  • T1090 uses
    Proxy
  • T1048 uses
    Exfiltration Over Alternative Protocol
  • T1486 uses
    Data Encrypted for Impact
  • T1570 uses
    Lateral Tool Transfer
  • T1078 uses
    Valid Accounts
  • T1072 uses
    Software Deployment Tools
  • T1087.002 uses
    Domain Account
  • T1083 uses
    File and Directory Discovery
  • T1105 uses
    Ingress Tool Transfer
  • T1048.003 uses
    Exfiltration Over Unencrypted Non-C2 Protocol
  • T1059.005 uses
    Visual Basic
  • T1562.001 uses
    Disable or Modify Tools
  • T1583 uses
    Acquire Infrastructure
  • T1566 uses
    Phishing
  • T1069.001 uses
    Local Groups
  • T1553.002 uses
    Code Signing
  • T1018 uses
    Remote System Discovery
  • T1055.001 uses
    Dynamic-link Library Injection
  • T1562 uses
    Impair Defenses
  • T1047 uses
    Windows Management Instrumentation
  • T1571 uses
    Non-Standard Port
  • T1553 uses
    Subvert Trust Controls
  • T1027.002 uses
    Software Packing
  • T1210 uses
    Exploitation of Remote Services
  • T1053.005 uses
    Scheduled Task
  • T1027 uses
    Obfuscated Files or Information
  • T1489 uses
    Service Stop
  • T1490 uses
    Inhibit System Recovery
  • T1059.003 uses
    Windows Command Shell
  • T1046 uses
    Network Service Discovery
  • T1114 uses
    Email Collection
  • T1087 uses
    Account Discovery
  • T1082 uses
    System Information Discovery
  • T1059.006 uses
    Python
  • Password Spraying uses
    T1110.003
  • T1537 uses
    Transfer Data to Cloud Account
  • T1482 uses
    Domain Trust Discovery
  • T1556 uses
    Modify Authentication Process
  • T1070 uses
    Indicator Removal
  • T1140 uses
    Deobfuscate/Decode Files or Information
  • T1087.001 uses
    Local Account
  • T1505.003 uses
    Web Shell
  • T1048.002 uses
    Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1016 uses
    System Network Configuration Discovery
  • T1204 uses
    User Execution
  • T1136 uses
    Create Account
  • T1003.001 uses
    LSASS Memory
  • T1069.002 uses
    Domain Groups
  • T1070.001 uses
    Clear Windows Event Logs
  • T1059 uses
    Command and Scripting Interpreter
  • T1036 uses
    Masquerading
  • T1190 uses
    Exploit Public-Facing Application
  • T1068 uses
    Exploitation for Privilege Escalation
  • T1218 uses
    System Binary Proxy Execution
  • T1021 uses
    Remote Services
  • T1219 uses
    Remote Access Tools
  • T1021.001 uses
    Remote Desktop Protocol
  • T1133 uses
    External Remote Services
  • T1204.002 uses
    Malicious File
  • T1003.006 uses
    DCSync
  • T1053 uses
    Scheduled Task/Job
  • T1567 uses
    Exfiltration Over Web Service
  • T1592 uses
    Gather Victim Host Information

Malware (20)

  • Knight uses
    Family
    Published 06/06/2024 07:46 · Modified 06/06/2024 07:46
  • Metasploit uses
    Family
    Published 03/02/2026 08:21 · Modified 03/02/2026 08:21
  • SocGholish uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29
  • Qilin uses
    Family
    Published 09/06/2026 15:50 · Modified 09/06/2026 15:50
  • DragonForce uses
    Family
    Published 16/06/2026 14:44 · Modified 16/06/2026 14:44
  • Cyclops Blink - S0687 uses
    Family
    Published 28/01/2026 13:31 · Modified 28/01/2026 13:31
  • ScRansom uses
    Family
    Published 27/03/2025 11:03 · Modified 27/03/2025 11:03
  • AVKiller uses
    Family
    Published 07/08/2025 18:57 · Modified 07/08/2025 18:57
  • Snatch uses
    Family
    Published 06/06/2024 07:46 · Modified 06/06/2024 07:46
  • mimikatz uses
    Family
    Published 11/05/2026 16:15 · Modified 11/05/2026 16:15
  • Cobalt Strike - S0154 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
  • EDRKillShifter uses
    Family
    Published 19/03/2026 15:28 · Modified 19/03/2026 15:28
  • Grixba uses
    Family
    Published 05/06/2025 13:24 · Modified 05/06/2025 13:24
  • Brave Prince - S0252 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 06:47 · Modified 21/12/2025 06:47
  • BlackSuit uses
    Family
    Published 07/08/2025 18:57 · Modified 07/08/2025 18:57
  • Lynx uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 10:04 · Modified 21/12/2025 10:04
  • RansomHub uses
    Family
    Published 07/08/2025 18:57 · Modified 07/08/2025 18:57
  • MedusaLocker uses
    Family
    Published 07/08/2025 18:57 · Modified 07/08/2025 18:57
  • Crytox uses
    Family
    Published 07/12/2025 14:07 · Modified 07/12/2025 14:07
  • SystemBC uses
    Family
    Published 12/06/2026 21:29 · Modified 12/06/2026 21:29

Sectors (16)

  • Manufacturing targets
  • Commercial Facilities targets
  • Finance targets
  • Healthcare targets
  • Government targets
  • Hospitality targets
  • Technology targets
  • Emergency Services targets
  • Food and Agriculture targets
  • Road transport targets
  • Telecommunications targets
  • Critical Manufacturing targets
  • Transportation targets
  • Legal targets
  • Information Technologies Consulting targets
  • Water and Wastewater targets

Countries (3)

  • United States of America targets
  • China targets
  • Cuba targets

Indicators (89)

  • 22e2f183175ec02d1bb8bf32f1731d77fa855f24b588dffb398ac741f91e1698 indicates
  • 2f3d82f7f8bd9ff2f145f9927be1ab16f8d7d61400083930e36b6b9ac5bbe2ad indicates
  • e5e418da909f73050b0b38676f93ca8f0551981894e2120fb50e8f03f4e2df4f indicates
  • e14ba0fb92e16bb7db3b1efac4b13aee178542c6994543e7535d8efaa589870c indicates
  • b8c1f3d24f0282c84ed599147462d4031df43cd4fceef38afcee4b3fc8f16e7b indicates
  • 34e479181419efd0c00266bef0210f267beaa92116e18f33854ca420f65e2087 indicates
  • 7114288232e469ff368418005049cf9653fe5c1cdcfcd63d668c558b0a3470f2 indicates
  • 4686bf07db10376fb4c8ce3b729c4ab60d89b454fc57feb39f9607cb43a081d9 indicates
  • a96a0ba7998a6956c8073b6eff9306398cc03fb9866e4cabf0810a69bb2a43b2 indicates
  • samuelelena.co indicates
  • 77e089dfeb1d114d4171e461e0c4f36b895ed8ef5ee23e8b243bdf491837b5b6 indicates
  • 422800c5553ec5444f7ec593805e0cf4622921d6d5cb3da3a511007047a24721 indicates
  • 02e9f0fbb7f3acea4fcf155dc7813e15c1c8d1c77c3ae31252720a9fa7454292 indicates
  • 5baf5445c4b22c645ff6d509a744e0b6c96fe5c5ea84ed471421af890cfd8533 indicates
  • ce1ba2a584c7940e499194972e1bd6f829ffbae2ecf2148cdb03ceeca906d151 indicates
  • f51397bb18e166c933fe090320ec23397fed73b68157ce86406db9f07847d355 indicates
  • 15cd13e0cad20394ec1405748e4bd50e3f27313c6274aee098c4eb0ede970b4c indicates
  • 3fbe5a1ed857a6736e061a6850706f9e8a7e881f024bff044df1c34795b89bf4 indicates
  • 0b4295bcd7bf850fea2b1bc09f652da028af33d625b11781ac875c603a52e5a8 indicates
  • 927e3aef03a8355d236230cace376b3023480a40c5ac08453c07dab343dd1f11 indicates
  • 25117dcb2d852df15fe44c5757147e7038f289e6156b0f6ab86d02c0e97328cb indicates
  • fb9f9734d7966d6bc15cce5150abb63aadd4223924800f0b90dc07a311fb0a7e indicates
  • aa99b6c308d07acac8c7066c29d44442054815e62ea9a3f21cc22cdec0080bc8 indicates
  • f11930cb70556941b6e3c8530956f1381a4cdbd1e3fe8e9f363487a73b45a9c0 indicates
  • f982dfc0a0984f317460ca6d27d72ad6b3274b58cb7cf984e1c3e6f001e1edf8 indicates
  • 4775dfb24f85f5d776f538018a98cc6a9853a1840f5c00b7d0c54695f03a11d9 indicates
  • a2d071da4bfc6bd9cd576a922d1677160f03c9bf7bd65e8f96c78cbb1068d41c indicates
  • a44aa98dd837010265e4af1782b57989de07949f0c704a6325f75af956cc85de indicates
  • 7e19a1ca2144051c9cd66440b4fe54fbb01aee6a86fd196f5d0b67f04d19a18a indicates
  • 9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5 indicates
  • df6cb5199c272c491b3a7ac44df6c4c279d23f7c09daed758c831b26732a4851 indicates
  • [email protected] indicates
  • 2d823c8b6076e932d696e8cb8a2c5c5df6d392526cba8e39b64c43635f683009 indicates
  • 10c1b292e67b22b5d91071185e33597a242c8dea6a7a523befab5922e3002285 indicates
  • bbab99faba116f5dd2ad138f036787e56141e1b4c6368d8852743fe7c78948ce indicates
  • 48e6e071b70566bc9fabbbff995946076b410f5459356b65051ae10e04fe512f indicates
  • 12301230.co indicates
  • 36e5be9ed3ec960b40b5a9b07ba8e15d4d24ca6cd51607df21ac08cda55a5a8e indicates
  • e6309fdb03313dd1b62467684a49692de5c27bbc3c17e65e2010cfbf686a4bf3 indicates
  • i.ibb.com indicates
  • ae35a3ee27cb81230a3f546253641bece5f4f6b72490e26fd3d019fbcb4b8ec1 indicates
  • 595cd80f8c84bc443eff619add01b86b8839097621cdd148f30e7e2214f2c8cb indicates
  • 597d4011deb4f08540e10d1419b5cbdfb38506ed53a5c0ccfb12f96c74f4a7a1 indicates
  • 147dee11a406a86dd9b42982c091e8acbaca13614edb75f447cbaffb23017a90 indicates
  • c793304fabb09bb631610f17097b2420ee0209bab87bb2e6811d24b252a1b05d indicates
  • 6fc26e8ac9c44a8e461a18b20929f345f8cfc86e9a454eae3509084cf6ece3be indicates
  • 05f8f514d1367aca856564af5443a75f47d22a30ce63f0b024a41e6b9553a527 indicates
  • e1ed281c521ad72484c7e5e74e50572b48ea945543c6bcbd480f698c2812cdfe indicates
  • ddf23db6881e42e65440c26a208c9175ad705c708f0a5d8426a2636bad79777c indicates
  • aae2e7f4feb75a61c98a727a9da9c3eba213e9e43aa7c9e81e2b3c2f6439b908 indicates
  • efb642ad3fab4a2e6cb4de829b60e04dd0d9ae7c2b4cf544de28c38f978b4136 indicates
  • 40031.co indicates
  • af7d822da46d777b512a90ee982a7661d8a6c78f9bd1f3d34ce38ef2b44117e6 indicates
  • 8f59b4f0f53031c555ef7b2738d3a94ed73568504e6c07aa1f3fa3f1fd786de7 indicates
  • f628acbbddfb015f192f3743cdf6d67ea260dbae6dfb42794b52f01de3c28f31 indicates
  • d2939cd18c9072488767520be081fef71d560896c6293b6633cab099fcd238ae indicates
  • 56add2f70df9a1cb46b675e928a15d3769e2060059f4bb286fa217a2ec930ca5 indicates
  • bdaea3d46444373d7107d62270c0358b82569fbf5d66e6dd7c90faf53308f477 indicates
  • e654ef69635ab6a2c569b3f8059b06aee4bce937afb275ad4ec77c0e4a712f23 indicates
  • 6d5f086f742883c0905a0c9593d332762c9b73016b87d933161cbdb97b3cf1ca indicates
  • 5089fd6ce6d8c0fca8d9c4af7441ee9198088bfba6e200e27fe30d3bc0c6401c indicates
  • 7539bd88d9bb42d280673b573fc0f5783f32db559c564b95ae33d720d9034f5a indicates
  • 3a6d5694eec724726efa3327a50fad3efdc623c08d647b51e51cd578bddda3da indicates
  • 45f9d530edb5c71c24d7787ba0f12743d0ecf042ba9e96922364bbacbb32927c indicates
  • f60c3942b4247f5da17dbfd7cc92250f0107f8d259a8644a2988c5699751ea2f indicates
  • d1347f4dccebf2fcd672dcef9c66c91b9d3f12b9881e3e390626927718fda616 indicates
  • 27502080db7fc2815afb6e19c5cbb3206cd80863d19f97644519fa1c1c343a7b indicates
  • 875f4fd64c50e293859e04396e6342fd93695c3f21606596cf982a9205e92fd9 indicates
  • ffd09a5c27938d1f7424ed66d1474cfeb3df72daabdf10e09f161ed1ffd21271 indicates
  • a3938d9639148406d218835f1e1f0afcfbd566de3849b61a51fdcc54d100abba indicates
  • 53d22250ff5b90f84875c2a3e9a74ba7155909fffe866f31a17d6654ae34b765 indicates
  • 43cd3f8675e25816619f77b047ea5205b6491137c5b77cce058533a07bdc9f98 indicates
  • 49ed990459486e569cd1428b045baff1e61b86cdeef84a75384b5f7f46bd678e indicates
  • 5ec67fc827c2335c31303238b439822addf52552c9895478cb27840e252b6029 indicates
  • 5c8f53bd9eb13ac07ca5190ed0946c9feb5c73627bf5c0c9e79b28626310ad90 indicates
  • e6e25beb6adc8a2ae8f10f7f4fc8c0acbf779ed3846c6ebc5361db35eae5c77e indicates
  • 0eaa413dc13bc846258e5b4670142bea20e567065b7f4bbc135fe62d93878160 indicates
  • 4aa0456c7f0ad4d85324ab135d55641b15245b58e681efcaba319e605c5bed07 indicates
  • 467e49f1f795c1b08245ae621c59cdf06df630fc1631dc0059da9a032858a486 indicates
  • ec45ebd938e363e36cacb42e968a960fbe4e21ced511f0ea2c0790b743ff3c67 indicates
  • 1c1c7a3305e87bf58eb116a09167c1135f3ba23aaca5c0bfcd1b545510ac271c related
  • 104b22a45e4166a5473c9db924394e1fe681ef374970ed112edd089c4c8b83f2 related
  • c56feeb27a58d24e9f53319513c838e22e92124aa1ef24d977c7ab12b7c5c9c3 related
  • ea9f0bd64a3ef44fe80ce1a25c387b562a6b87c4d202f24953c3d9204386cf00 related
  • 61557a55ad40b8c40f363c4760033ef3f4178bf92ce0db657003e718dffd25bd related
  • 2073d94af0aa560c11e3399d2b83a720ee373a46ccf835486e57c37e3d1d9a25 related
  • f1c37f93d000134b4bfe439add26f3c146958dd87b230123d58790fedce6336a related
  • 5e423483165666976997e17b9834b9f6bd0da6c4b0da23f45584203f7c08fe4c related
  • 2912be03b75dab3131f41d658e149b64c089839052472e36f5f13f193bf16253 related

Vulnerabilities (CVE) (9)

CVE-2020-0787 KEV

Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this …

Published
28/01/2022
Modified
21/12/2025
CVE-2017-0144 KEV
8.8 High

The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.

Attack vector
NETWORK
Complexity
LOW
Published
17/03/2017
Modified
22/04/2026
CVE-2023-22515 KEV
9.8 Critical

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts …

Attack vector
Network
Published
05/10/2023
Modified
21/12/2025
CVE-2023-27997 KEV
9.8 Critical

Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or …

Attack vector
Network
Published
13/06/2023
Modified
21/12/2025
CVE-2023-46604 KEV
10.0 Critical

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to …

Attack vector
Network
Published
02/11/2023
Modified
21/12/2025
CVE-2020-1472 KEV
5.5 Medium

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a …

Attack vector
Local
Published
03/11/2021
Modified
27/05/2026
CVE-2023-48788 KEV
9.8 Critical

Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.

Attack vector
Network
Published
25/03/2024
Modified
21/12/2025
CVE-2023-3519 KEV
9.8 Critical

Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.

Attack vector
Network
Published
19/07/2023
Modified
27/05/2026
CVE-2023-46747 KEV
9.8 Critical

F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow …

Attack vector
Network
Published
31/10/2023
Modified
21/12/2025