IoC Extractor
This IoC extractor identifies Indicators of Compromise (IoCs) by matching patterns, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.
TA578 using thread-hijacked emails to push ISO files for Bumblebee malware
DATE : 2022-04-08T07:00:00
SOURCE : sans.edu