IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by matching patterns, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.

DarkTortilla Malware Analysis

DATE : 2022-08-10T07:00:00
SOURCE : secureworks.com

FILE_HASH_MD5:

FILE_HASH_SHA1:

FILE_HASH_SHA256:

Domain:
pastebin.pl
blog.malwarebytes.com
wiki.hackforums.net
gosecure.net
rn.net
microsoft.net

Url:
https://pastebin.pl/view/raw/60b6b03
https://blog.malwarebytes.com/cybercrime/malware/2017/03/explained-packer-crypter-and-protector
https://blog.malwarebytes.com/threat-analysis/2015/08/rainbows-steganography-and-malware-in-a-new-net-cryptor
https://wiki.hackforums.net/RATs_Crew
https://www.gosecure.net/blog/2021/11/02/new-malware-gameloader-in-discord-malspam-campaign-identified-by-gosecure-titan-la