IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by matching patterns, without analyzing the context of the surrounding text. Manual Review and Validation of the extracted IoCs are essential before any action is used.

SocGholish Campaigns and Initial Access Kit

DATE : 2022-05-13T07:00:00
SOURCE : medium.com

FILE_HASH_SHA256:
bcd004db9f44f2414c7094f79afb2d80230611e5b4f97960685157d236186126
4fffa055d56e48fa0c469a54e2ebd857f23eca73a9928805b6a29a9483dffc21
56de90d87bb9afc5345991b910a17cf0c6ee95cb97ea4b6de87fd93a8f22c9c0
ee526c0f6ce5632e585b38322c2b6332730dfa9702d0d94c99dff7a36f98db1b
465ab5550bc788a274e38a71ecdc246d407c453a7a2d533a9b4aa2d9e53a8463
a1f710e70688c61f447d575a081f10f21c999170e67cdedff11acb6b87b0ba14
82ddf784507fffbbbcca749a687990345041c6c6cb5f4d768ee4136b3b4f4f03

Domain:
irsbusinessaudit.net
design.lawrencetravelco.com
payyourintern.com
10b33845.xen.hill-family.us
docs.house.gov
cofense.com
research.nccgroup.com
publicwww.com
decoded.avast.io
irsgetwell.net
asaicuuvuvyy33ifbcia33.cn
mixerspring.cn
aasdig8g7b448ugudf.cn
sjvuvja.com
nsncasicuasyca831cs3vvz.cn
irsbusinessaudit.netirsbusinessaudit.net
comfortmc.comcontentcdns.netasaasdivu73774vbaa33.cnsolenica.com
fakeurl.htmdesign.lawrencetravelco.com

Url:
http://5.252.178.213/restore.dat
https://10b33845.xen.hill-family.us/pixel.gif
https://docs.house.gov/meetings/JU/JU00/20220329/114533/HHRG-117-JU00-20220329-SD006.pdf
https://cofense.com/blog/rat-campaign-looks-to-take-advantage-of-the-tax-seaso
https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-grou
https://publicwww.com
https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millio