Amadey Bot

Search IOCs, vulnerabilities, APT…

216.73.216.226

← Back to malwares

AlienVault · Published 20/12/2025 19:48 · Modified 21/12/2025 08:16

Essential information

Confidence: 100/100
Is family: No
Published: 20/12/2025 19:48
Modified: 21/12/2025 08:16
Revoked: No
Author / Source: AlienVault
Related entities: 11 attack patterns (mitre), 1 sectors, 8 indicators, 5 vulnerabilities (cve), 1 reports

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.

Attack patterns (MITRE) (11)

T1566 uses

Phishing MITRE
T1053 uses

Scheduled Task/Job MITRE
T1218 uses

System Binary Proxy Execution MITRE
T1071 uses

Application Layer Protocol MITRE
T1020 uses

Automated Exfiltration MITRE
T1055 uses

Process Injection MITRE
T1059 uses

Command and Scripting Interpreter MITRE
T1574 uses

Hijack Execution Flow MITRE
T1027 uses

Obfuscated Files or Information MITRE
T1036 uses

Masquerading MITRE
T1204 uses

User Execution MITRE

Sectors (1)

Manufacturing targets

Indicators (8)

https://berb.fitnessclub-filmfanatics.com/naailq0.cplURLremote indicates

stix 100/100 Revoked

· Valid until 21/01/2025 · Source: AlienVault
c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0 indicates

stix 100/100 Revoked

sandboxdetect_misc

· Valid until 28/09/2025 · Source: AlienVault
download-695-18112-001-webdav-logicaldoc.cdn-serveri4732-ns.shop indicates

stix 100/100 Revoked

· Valid until 10/11/2025 · Source: AlienVault
berb.fitnessclub-filmfanatics.com indicates

stix 100/100 Revoked

· Valid until 10/11/2025 · Source: AlienVault
http://download-695-18112-001-webdav-logicaldoc.cdn-serveri4732-ns.shop/Downloa… indicates

stix 100/100 Revoked

· Valid until 21/01/2025 · Source: AlienVault
http://download-695-18112-001-webdav-logicaldoc.cdn-serveri4732-ns.shop/Downloa… indicates

stix 100/100 Revoked

· Valid until 21/01/2025 · Source: AlienVault
https://berb.fitnessclub-filmfanatics.com/naailq0.cpl. indicates

stix 100/100 Revoked

· Valid until 21/01/2025 · Source: AlienVault
a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 indicates

stix 100/100 Revoked

Trojan:Win32/CoinMiner.AQ

· Valid until 28/09/2025 · Source: AlienVault

Vulnerabilities (CVE) (5)

CVE-2023-46805 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2017-11882 KEV targets

7.8 High

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Attack vector: Local
Complexity: Low
Published: 15/11/2017
Modified: 29/05/2026

CWE-119

CVE-2024-21893 KEV targets

8.2 High

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) …

Attack vector: Network
Published: 31/01/2024
Modified: 27/05/2026

CVE-2024-21887 KEV targets

9.1 Critical

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web …

Attack vector: Network
Published: 10/01/2024
Modified: 27/05/2026

CVE-2021-44228 KEV targets

10.0 Critical

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Attack vector: Network
Published: 10/12/2021
Modified: 27/05/2026

Reports (1)

Threat Actor Targets Manufacturing Industry With Malware

11 MITREs 2 Malwares

Contact About Legal notice Privacy policy Terms of use