216.73.217.22

WEBJACK

· Published 21/12/2025 18:50 · Modified 21/12/2025 18:50 · Source: AlienVault

Essential information

Confidence
100/100
Published
21/12/2025 18:50
Modified
21/12/2025 18:50
Updated at
21/12/2025 18:50
Revoked
No
Author / Source
AlienVault
Resource level
Primary motivation
Related entities
1 reports, 11 attack patterns (mitre), 4 malware, 3 sectors, 1 countries, 25 indicators

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Attack patterns (MITRE) (11)

  • T1574 uses
    Hijack Execution Flow
  • T1564.001 uses
    Hidden Files and Directories
  • T1027.002 uses
    Software Packing
  • T1055 uses
    Process Injection
  • T1572 uses
    Protocol Tunneling
  • T1071.001 uses
    Web Protocols
  • T1046 uses
    Network Service Discovery
  • T1190 uses
    Exploit Public-Facing Application
  • T1505 uses
    Server Software Component
  • T1003 uses
    OS Credential Dumping
  • T1070.001 uses
    Clear Windows Event Logs

Malware (4)

  • Cobalt Strike - S0154 uses
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
  • m0yv uses
    Family
    Published 19/11/2025 09:01 · Modified 19/11/2025 09:01
  • BadIIS uses
    Family
    Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
  • XlAnyLoader uses
    Family
    Published 19/11/2025 09:01 · Modified 19/11/2025 09:01

Sectors (3)

  • Education targets
  • Technology targets
  • Government targets

Countries (1)

  • France targets

Indicators (25 / 34)