ACR Stealer

Search IOCs, vulnerabilities, APT…

216.73.216.226

← Back to malwares

AlienVault · Published 20/12/2025 19:46 · Modified 29/05/2026 12:19

Essential information

Confidence: 100/100
Is family: No
Published: 20/12/2025 19:46
Modified: 29/05/2026 12:19
Revoked: No
Author / Source: AlienVault
Related entities: 38 attack patterns (mitre), 1 intrusion sets (apt), 8 sectors, 5 countries, 79 indicators, 18 vulnerabilities (cve), 6 reports

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.

Attack patterns (MITRE) (38)

T1219 uses

Remote Access Tools MITRE
T1132.001 uses

Standard Encoding MITRE
T1071.001 uses

Web Protocols MITRE
T1020 uses

Automated Exfiltration MITRE
T1204.002 uses

Malicious File MITRE
T1134 uses

Access Token Manipulation MITRE
T1027 uses

Obfuscated Files or Information MITRE
T1553.002 uses

Code Signing MITRE
T1199 uses

Trusted Relationship MITRE
T1543.003 uses

Windows Service MITRE
T1059.003 uses

Windows Command Shell MITRE
T1218.005 uses

Mshta MITRE

← Previous

Page / 4

1–12 of 38

EVALUSION uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

Sectors (8)

Government targets
Telecommunications targets
Technology targets
Manufacturing targets
Media targets
Entertainment industry targets
Energy targets
Finance targets

Countries (5)

Taiwan targets
Belgium targets
United States of America targets
China targets
Slovakia targets

Indicators (79)

pqdrf.xyz indicates

stix 100/100 Revoked

· Valid until 20/05/2025 · Source: AlienVault
http://151.236.17.180/Wire%20Confirmation/WireConfirmation.pdf.lnk indicates

stix 100/100 Revoked

· Valid until 05/11/2024 · Source: AlienVault
ptdrf.xyz indicates

stix 100/100 Revoked

· Valid until 20/05/2025 · Source: AlienVault
http://89.23.107.67/Downloads/2023-Documents%20Shared.lnk indicates

stix 100/100 Revoked

· Valid until 05/11/2024 · Source: AlienVault
unpopularnational.com indicates

stix 100/100 Revoked

· Valid until 16/04/2026 · Source: AlienVault
https://laughing-space-capybara-x5g6rjxq7jwvfp6q6-443.app.github.dev/sllkjdsss_… indicates

stix 100/100 Revoked

· Valid until 20/03/2026 · Source: AlienVault
http://206.188.196.28/Downloads/example.lnk indicates

stix 100/100 Revoked

· Valid until 05/11/2024 · Source: AlienVault
a61a2efaad92e5888cf20cb2bf96b9874eac5d5aadf6456c76926ab90cbe74d7 indicates

stix 100/100

· Valid until 15/11/2026 · Source: AlienVault
http://62.133.61.73/Downloads/Photo.lnk indicates

stix 100/100 Revoked

· Valid until 05/11/2024 · Source: AlienVault
pddbj.xyz indicates

stix 100/100 Revoked

· Valid until 20/05/2025 · Source: AlienVault
c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0 indicates

stix 100/100 Revoked

sandboxdetect_misc

· Valid until 28/09/2025 · Source: AlienVault
geotravelsgi.xyz indicates

stix 100/100 Revoked

· Valid until 16/06/2025 · Source: AlienVault

← Previous

Page / 7

1–12 of 79

Vulnerabilities (CVE) (18)

CVE-2023-46805 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2024-3400 KEV targets

10.0 Critical

Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges …

Attack vector: Network
Published: 12/04/2024
Modified: 21/12/2025

CVE-2021-44228 KEV targets

10.0 Critical

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Attack vector: Network
Published: 10/12/2021
Modified: 27/05/2026

CVE-2023-7102 targets

9.8 Critical

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected …

Attack vector: NETWORK
Published: 24/12/2023
Modified: 19/02/2026

CVE-2023-2868 KEV targets

9.4 Critical

Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection.

Attack vector: Network
Published: 26/05/2023
Modified: 21/12/2025

CVE-2024-21893 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …

Attack vector: Network
Published: 31/01/2024
Modified: 27/05/2026

CVE-2021-27065 KEV targets

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Published: 03/11/2021
Modified: 20/12/2025

CVE-2024-21887 KEV targets

9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2017-11882 KEV targets

7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector: Local
Complexity: Low
Published: 15/11/2017
Modified: 29/05/2026

CWE-119

CVE-2024-21412 KEV targets

8.1 High

Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

Attack vector: Network
Published: 13/02/2024
Modified: 27/05/2026

CVE-2023-3519 KEV targets

9.8 Critical

Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.

Attack vector: Network
Published: 19/07/2023
Modified: 27/05/2026

CVE-2021-26855 KEV targets

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Published: 03/11/2021
Modified: 20/12/2025

← Previous

Page / 2

1–12 of 18

2025 Cloud Threat Hunting and Defense Landscape

11 CVEs 6 Malwares 3 Observables
EVALUSION Campaign Delivers Amatera Stealer and NetSupport...

16 MITREs 3 Malwares 1 Observable 1 APT
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution …

3 MITREs 16 Malwares 120 Observables
Double Trouble: Latrodectus And ACR Stealer Observed Spreading …

6 CVEs 10 MITREs 2 Malwares 15 Observables
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed

1 CVE 16 MITREs 2 Malwares 27 Observables
Threat landscape — Belgium

Confidence 100 18 CVEs 200 MITREs 200 Malwares 20 APTs 26 Tools

Contact About Legal notice Privacy policy Terms of use

ACR Stealer

Essential information

Description

Marking (TLP)

Related entities

Attack patterns (MITRE) (38)

Intrusion sets (APT) (1)

Sectors (8)

Countries (5)

Indicators (79)

Vulnerabilities (CVE) (18)

Reports (6)