216.73.217.22

VexTrio

· Published 21/12/2025 02:40 · Modified 21/12/2025 02:54 · Source: AlienVault

Essential information

Confidence
100/100
Published
21/12/2025 02:40
Modified
21/12/2025 02:54
Updated at
21/12/2025 02:54
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
3 reports, 25 attack patterns (mitre), 5 malware, 3 countries, 25 indicators

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (3)

Attack patterns (MITRE) (25 / 28)

  • T1036 uses
    Masquerading
  • T1586 uses
    Compromise Accounts
  • T1204 uses
    User Execution
  • T1064 uses
    Scripting
  • T1457 uses
  • T1589 uses
    Gather Victim Identity Information
  • T1213 uses
    Data from Information Repositories
  • T1046 uses
    Network Service Discovery
  • T1592 uses
    Gather Victim Host Information
  • T1071 uses
    Application Layer Protocol
  • T1566 uses
    Phishing
  • T1588 uses
    Obtain Capabilities
  • T1584 uses
    Compromise Infrastructure
  • T1557 uses
    Adversary-in-the-Middle
  • T1190 uses
    Exploit Public-Facing Application
  • T1189 uses
    Drive-by Compromise
  • T1585 uses
    Establish Accounts
  • T1027 uses
    Obfuscated Files or Information
  • T1606 uses
    Forge Web Credentials
  • T1056 uses
    Input Capture
  • T1608 uses
    Stage Capabilities
  • T1590 uses
    Gather Victim Network Information
  • T1199 uses
    Trusted Relationship
  • T1598 uses
    Phishing for Information
  • T1102 uses
    Web Service

Malware (5)

  • Sign1 uses
    Family
    Published 13/06/2025 07:59 · Modified 13/06/2025 07:59
  • SocGhoulish
  • ClearFake uses
    Family
    Published 04/02/2025 03:00 · Modified 04/02/2025 03:00
  • DollyWay uses
    Family
    Published 13/06/2025 07:59 · Modified 13/06/2025 07:59
  • Balada uses
    Family
    Published 13/06/2025 07:59 · Modified 13/06/2025 07:59

Countries (3)

  • Czechia targets
  • Switzerland targets
  • Russian Federation targets

Indicators (25 / 164)

  • rpn-news3.club indicates
  • tiktok.supersbows.us indicates
  • trafficiq.com indicates
  • cdn-routing.com indicates
  • allowthoughtpush.xyz indicates
  • airpathinch.xyz indicates
  • fastminingpro.com indicates
  • 702942e07c.hotbkebani.cc indicates
  • vm-technitrade.holacode.tech indicates
  • universalrock-storage.com indicates
  • cryptoprofit.life indicates
  • tiktok.superbowsm.top indicates
  • winner-g5sf.live indicates
  • anroadship.xyz indicates
  • aloneflybox.xyz indicates
  • http://pushtorm.net/System/AddSubscriber indicates
  • prize-of-5win.live indicates
  • https://tinyurl.com/2ykfey8v indicates
  • get-the-prize-ht7.live indicates
  • againstsegmentyellow.xyz indicates
  • bonustop-price.life indicates
  • amongcitylearn.xyz indicates
  • arevowelwire.xyz indicates
  • defendyourpc.com indicates
  • b9ab1.rpbuildit.xyz indicates