216.73.217.22

UNC6040, UNC6240

· Published 21/12/2025 17:00 · Modified 21/12/2025 17:00 · Source: AlienVault

Essential information

Confidence
100/100
Published
21/12/2025 17:00
Modified
21/12/2025 17:00
Updated at
21/12/2025 17:00
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
1 reports, 18 attack patterns (mitre), 6 sectors, 3 indicators

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Attack patterns (MITRE) (18)

  • T1590 uses
    Gather Victim Network Information
  • T1566 uses
    Phishing
  • T1555 uses
    Credentials from Password Stores
  • T1587 uses
    Develop Capabilities
  • T1078 uses
    Valid Accounts
  • T1588 uses
    Obtain Capabilities
  • T1539 uses
    Steal Web Session Cookie
  • T1589 uses
    Gather Victim Identity Information
  • T1199 uses
    Trusted Relationship
  • T1592 uses
    Gather Victim Host Information
  • T1586 uses
    Compromise Accounts
  • T1534 uses
    Internal Spearphishing
  • Steal or Forge Kerberos Tickets uses
    T1558
  • T1204 uses
    User Execution
  • T1567 uses
    Exfiltration Over Web Service
  • T1552 uses
    Unsecured Credentials
  • T1557 uses
    Adversary-in-the-Middle
  • T1021 uses
    Remote Services

Sectors (6)

  • Transportation targets
  • Hospitality targets
  • Finance targets
  • Technology targets
  • Retail targets
  • Telecommunications targets

Indicators (3)

  • ticket-dior.com indicates
  • ticket-nike.com indicates
  • ticket-audemarspiguet.com indicates