IoC Extractor
This IoC extractor identifies Indicators of Compromise (IoCs) by pattern matching alone; it does not analyze the context of the surrounding text. Manually review and validate the extracted IoCs before taking any action on them.
Malspam campaign delivering PowerDash – a tiny PowerShell backdoor
DATE : 2023-05-06T07:00:00
SOURCE : cert.pl
CVE:cve-2017-0199
Domain:track.adform.net
system.net