IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by matching patterns, without analyzing the context of the surrounding text. Manual Review and Validation of the extracted IoCs are essential before any action is used.

Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities

DATE : 2022-07-06T07:00:00
SOURCE : mandiant.com

FILE_HASH_MD5:
36ff9ec87c458d6d76b2afbd5120dfae
2f14b3d5ab01568e2707925783f8eafe
4a5de4784a6005aa8a19fb0889f1947a
2a843511cdb8f5604cb3fafe244ef5f2
6b413beb61e46241481f556bb5cdb69c
a0c4ddf9c6f95d7046be8a2e0f875935
ca9290709843584aecbd6564fb978bd6
cf204319f7397a6a31ecf76c9531a549
b8b7a10dcc0dad157191620b5d4e5312
2fdf9f3a25e039a41e743e19550d4040
aa5e8268e741346c76ebfd1f27941a14
e56555162c559a55021b879147b0791f
9ad4a2dfd4cb49ef55f2acd320659b83
15c525b74b7251cfa1f7c471975f3f95
c8bf238641621212901517570e96fae7
4f11abdb96be36e3806bada5b8b2b8f8
9ea3aaaeb15a074cd617ee1dfdda2c26
e34d6387d3ab063b0d926ac1fca8c4c4
2556a9e1d5e9874171f51620e5c5e09a
bd65d0d59f6127b28f0af8a7f2619588

Domain:
forkscenter.fr
cdn.discordapp.com

Url:
http://194.31.98.124:443/i
http://194.31.98.124:80
https://forkscenter.fr/BitdefenderWindowsUpdatePackage.exe
https://cdn.discordapp.com/attachments/947916997713358890/949948174636830761/one.exe
https://cdn.discordapp.com/attachments/947916997713358890/949948174838165524/dropper.exe
https://forkscenter.fr/Sdghrt_umrj6/wisw.exe
https://nirsoft.me/nEDFzTtoCbUfp9BtSZlaq6ql8v6yYb/avp/amznussra
https://nirsoft.me/s/2MYmbwpSJLZRAtXRgNTAUjJSH6SSoicLPIrQl/field-keyword
https://cdn.discordapp.com/attachments/947916997713358890/949978571680673802/cesdf.exe
https://45.84.0.116/i
http://45.84.0.116:443/m
http://45.84.0.116:443/