IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by pattern matching alone, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.

Securonix Threat Labs Initial Coverage Advisory: STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea)

DATE : 2022-07-07T07:00:00
SOURCE : securonix.com

FILE_HASH_SHA256:

Domain:

Url: