IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by pattern matching alone, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.

IcedID (Bokbot) with Dark VNC and Cobalt Strike

DATE : 2022-07-19T07:00:00
SOURCE : sans.edu

FILE_HASH_SHA256:

Domain: