Tycoon Group
Published 21/12/2025 02:53 · Modified 21/12/2025 02:53 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 21/12/2025 02:53
- Modified: 21/12/2025 02:53
- Updated at: 21/12/2025 02:53
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 15 attack patterns (MITRE), 1 sector, 25 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Attack patterns (MITRE) (15)
- T1598.002 Spearphishing Attachment (uses)
- T1071 Application Layer Protocol (uses)
- T1598 Phishing for Information (uses)
- T1134 Access Token Manipulation (uses)
- T1566 Phishing (uses)
- T1566.002 Spearphishing Link (uses)
- T1559
- T1078 Valid Accounts (uses)
- T1133 External Remote Services (uses)
- T1557 Adversary-in-the-Middle (uses)
- T1078.002 Domain Accounts (uses)
- T1078.001 Default Accounts (uses)
- T1529 System Shutdown/Reboot (uses)
- T1566.001 Spearphishing Attachment (uses)
- T1598.003 Spearphishing Link (uses)
Sectors (1)
- Finance (targets)
Indicators (25 / 66)