IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by pattern matching alone, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken on them.

Technical Advisory: Proxy*Hell Exploit Chains in the Wild

DATE : 2023-01-17T07:00:00
SOURCE : bitdefender.com

CVE:
cve-2021-26855
cve-2021-27065
cve-2021-34473
cve-2021-34523
cve-2021-31207
cve-2022-41080
cve-2022-41082

FILE_HASH_MD5:
d375f2fab8e85975cc19a60a6aebca94
43250dd7f3a01c689131849c39f36482
d765cf358376604b90eba4f5dccb4cea
5d08e4593bc214dc4c86064fb8a1c776
80ce2d5f2689a7c5ccf13843c962c6f1
a60f1c6e19d09661ca61502603ada352
daf0b4b216ef9e046af3c863eea559a7
8de8561f2440281155bbfe20666643fa
ad362104eea7afcd727b77e89a4a5e2e
ad086021b7ee50ff5b9acec4d79736be
607a6987395f02086e0e355c9ba4d76e
53c2f5ebde7c5417b2b4081070643da1
2c0584f95b33a77e20060cc569a5279a
617180092c3935de27dfff0090e5de70
43bc56681d4149001119ea87021ea52a
5d700d932297094dda08a7398640cd24
4cf05aa013e641d27ac49b2e2d33d38e
158aad1b5cffd0cc9beab406c5505a03
04a376c786422d5698cb00e5b72d5cf5
9e94c61a5b1423b0952d8f148fefe8cb
0608bd719a7d7700c8e9fa7a8e3f91bb
310e4c1d486cb993fa9cf6bb8cf02210
a5669fea9a23aab938b69942b9b25f79
62cb2f96b0fcb047488f7324d1f2deff
e987a0f47c4f5e9d69b970e10754aed7
8149428f6ab6e535fbc8ed7bde7e9b89
ef6d298feea0d93cf9f7761b083d8772
d400a0082319658e23776805b0171d86
a8f1ac3465843501b47b9d834aadb607
fa4d55b86110abe4c4a517f46b8da57b
06f0f9048eb75fed0895ef05029d5383
ac8ec380efe977828dc00b07365dc0f5
74a0be01fd6f1bfaa0581414b4b29f50
88dad05c0fd917cc770470f006b5261d
63622ddbf8bb5c1c73097ad2125676c0
84aa37e8a28201dc55f5f21d336b13e5
f17714b5dec7c0363e79baf5568b1327
8f431f9baf77000b1d951b443853ae50

Domain:
lostbussiness.com
devoterfo.com
aboutdatabasesoftware.com
a.com

Url:
https://autodiscover.hofd
https://mail.fc
https://autodiscover.livi
https://mail.st
https://mail.o
http://mail
https://lostbussiness.com:443/ga.exe
https://devoterfo.com:443/komar66.dll
https://devoterfo.com:443/komar64.dll
https://devoterfo.com:443/ga.exe
https://devoterfo.com:443/addp.dll
http://38.135.122.130/Agent64.bi
https://devoterfo.com:443/komar65.dll
https://devoterfo.com:443/cps.exe
https://devoterfo.com:443/add64s.exe
https://devoterfo.com:443/204109.dll
http://aboutdatabasesoftware.com/files/lv.jpg
https://devoterfo.com:443/komar2.ps1
http://38.108.119.121/ALdr32.ps1
http://38.135.122.130/Agent32.bi
http://64.235.39.82/Agent64.bi
http://64.235.39.82/Agent32.bi
http://38.108.119.121/Agent32.bi
http://38.108.119.121/Agent64.bi
http://64.44.168.92:80/out.bi
http://172.86.123.228:80/x86.exe
http://64.44.168.92/out.bi