216.73.217.22

TEMP.Hermit

· Published 20/12/2025 23:34 · Modified 20/12/2025 23:34 · Source: AlienVault

Essential information

Confidence
100/100
Published
20/12/2025 23:34
Modified
20/12/2025 23:34
Updated at
20/12/2025 23:34
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
20 attack patterns (mitre), 6 malware, 3 sectors, 2 countries, 25 indicators

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Attack patterns (MITRE) (20)

  • T1133 uses
    External Remote Services
  • T1574 uses
    Hijack Execution Flow
  • T1547 uses
    Boot or Logon Autostart Execution
  • T1560 uses
    Archive Collected Data
  • T1036 uses
    Masquerading
  • T1566 uses
    Phishing
  • T1553 uses
    Subvert Trust Controls
  • T1027 uses
    Obfuscated Files or Information
  • T1140 uses
    Deobfuscate/Decode Files or Information
  • T1055 uses
    Process Injection
  • T1056 uses
    Input Capture
  • T1102 uses
    Web Service
  • T1059 uses
    Command and Scripting Interpreter
  • T1105 uses
    Ingress Tool Transfer
  • Multi-Stage Channels uses
    T1104
  • T1070 uses
    Indicator Removal
  • T1573 uses
    Encrypted Channel
  • T1115 uses
    Clipboard Data
  • T1113 uses
    Screen Capture
  • T1562 uses
    Impair Defenses

Malware (6)

  • TOUCHSHIFT
  • LIDSHOT
  • LIGHTSHIFT
  • SIDESHOW
  • PLANKWALK
  • LIDSHIFT

Sectors (3)

  • Media targets
  • Defense targets
  • Technology targets

Countries (2)

  • United States of America targets
  • Korea, Republic of targets

Indicators (25 / 40)

  • 318ebae17599da88f559ecd2d16add02e4f608d9 indicates
  • www.fainstec.com indicates
  • bee21f2ee8dc32ded744ae728fe499bbb0b23b07 indicates
  • olidhealth.com indicates
  • 7724cbae651cbd782aae247b4f91ef7982b34047 indicates
  • ee5057da3e38b934dae15644c6eb24507fb5a187630c75725075b24a70065452 indicates
  • https://sede.lamarinadevalencia.com/tablonEdictal/layout/contentLayout.jsp indicates
  • ce501fd5c96223fb17d3fed0da310ea121ad83c463849059418639d211933aa4 indicates
  • crickethighlights.today indicates
  • www.ruscheltelefonia.com.br indicates
  • 71d27fe64df4fdc82153f246f3f55c5ac0a16287 indicates
  • http://mantis.quick.net.pl/library/securimage/index.php indicates
  • mantis.quick.net.pl indicates
  • www.keewoom.co.kr indicates
  • https://crickethighlights.today/wp-content/plugins/contact.php indicates
  • https://leadsblue.com/wp-content/wp-utility/index.php indicates
  • 955f1309d0c2b80fb3aace6943c32ca1c0557f81 indicates
  • leadsblue.com indicates
  • 5983dc3361dfb765c62119e0836c9b799c11a5cc indicates
  • f6bae38338601d961248e43ffdae05bdf4336edeea9eaf806f481e5f24700249 indicates
  • http://webinternal.anyplex.com/images/query_image.jsp indicates
  • 2733a8e3ab7de1f89fbf8412600b6ed837a2ea1f indicates
  • sede.lamarinadevalencia.com indicates
  • https://olidhealth.com/wp-includes/php-compat/compat.php indicates
  • http://www.ruscheltelefonia.com.br/public/php/index.php indicates