IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by pattern matching, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.

LNK file (disguised as a certificate) spreading RokRAT malware.

DATE : 2024-04-23T09:09:39
SOURCE : ahnlab.com

FILE_HASH_MD5:
bd07b927bb765ccfc94fadbc912b0226
6e5e5ec38454ecf94e723897a42450ea

FILE_HASH_SHA256:
3114a3d092e269128f72cfd34812ddc8bd98fe95107ed54df3c809d7925f2d2c

Domain:
api.pcloud.com
cloud-api.yandex.net
content.dropboxapi.com

Url:
https://api.pcloud.com/getfilelink?path=%s&am
https://api.pcloud.com/uploadfile?path=%s&am
https://cloud-api.yandex.net/v1/disk/resources/download?path=%sYandexuphttps://cloud-api.yandex.net/v1/disk/resources/upload?path=%s&am
https://content.dropboxapi.com/2/files/downloadDropBoxuphttps://content.dropboxapi.com/2/files/upload