IoC Extractor
This IoC extractor identifies Indicators of Compromise (IoCs) by matching patterns, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.
Translating Saitama’s DNS tunneling messages
DATE : 2022-06-03T07:00:00
SOURCE : morphuslabs.com
FILE_HASH_SHA256:e0872958b8d3824089e5e1cfab03d9d98d22b9bcb294463818d721380075a52d
Domain:
blog.malwarebytes.com
isc.sans.edu
oxn009lc7n5887k96c4zfckes6uif.rootdomain.com
vy5xxxxvzz650coacbsf03f2jkviwui9.joexpediagroup.com
oxn009lc7n5887k96c4zfckes6uif.joexpediagroup.com
pqxwwk9cyl1upnxwyqwinn0wgzui5.uber-asia.com
w7irwrisb5lxwkow81udr.uber-asia.com
Url:
https://blog.malwarebytes.com/threat-intelligence/2022/05/how-the-saitama-backdoor-uses-dns-tunnelling
https://blog.malwarebytes.com/threat-intelligence/2022/05/apt34-targets-jordan-government-using-new-saitama-backdoor
https://isc.sans.edu/forums/diary/TranslatingSaitamasDNStunnelingmessages/28738