IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by matching patterns, without analyzing the context of the surrounding text. Manual Review and Validation of the extracted IoCs are essential before any action is used.

Stolen Images Campaign Ends in Conti Ransomware

DATE : 2022-03-23T07:00:00
SOURCE : thedfirreport.com

CVE:
cve-2021-42278
cve-2021-42287

FILE_HASH_MD5:
a0e9f5d64349fb13191bc781f81f42e1
ec74a5c51106f0419184d0dd08fb05bc
0eecb7b1551fba4ec03851810d31743f
10b29985cd0ecd878ac083f059c42d51
21242d958caf225f76ad71a4d3a6d4d9
e7df03bc59b478f0588039416b845c7f
22bbd14a893b19220e829940ad474687
a48fbea91a31afaf348f713b1f59dfbf
ae4edc6faf64d08308082ad26be60767
71c8eb081c33fd6b2c10effa92154a18
fe4fb0b3ca2cb379d74cd239e71af44f
b3053228b51ae7af99e0abfa663368d5
7375eccff18bef7e89665d1a7f31edca
28bd01b6b3efa726bf00d633398c5c8a

FILE_HASH_SHA1:
04bbd0ffa580dd5a85ce4c7fc19c66cc753e45ff
18ddb5fac720599983791036e43154a9ce67ffde
06ef512d5a2b9353b6d0a412a1876e02d3474527
7d700ad69d2800de159af5f50bbb82e89467d8b4
8222ed4fcac2c7408e7fbb748af1752e72bb9b01
6ccd04b109a5148a04ae3ac7f6bc061ccab2122f
670d974d936262c1c569442238d953ed009f7c79
a0836d54aa2a783fd8bae685a1b94e913b655430
11012f0074e37e105c404a2eda61f9d652b8c03d
a3eed2b760abddfd62014fcf9ae81f435b216473
11b6b24660c045bb907ed43cfe007349764173bc
071bcc292362fd3754a2da00878bba4bae1a335f
6b3fc11a48e8aa2773dfe266c3be11e4c4c973a5
eb382c4a59b6d87e186ee269805fe2db2acf250e
04f72b9e78f196544f8f1331b4d9158df34d7ecf
8bb3379b6807610d61d29db1d76f5af4840b8208
becf3baeb4f6313bf267f7e8d6e9808fc0fc059c
e049058d14dd9ec09771b38ed4d59e8b49ba1bad

FILE_HASH_SHA256:
01a4c5ef0410b379fa83ac1a4132ba6f7b5814192dbdb87e9d7370e6256ea528
9c01afed2a863fa2466679ef53127e925963cc95de98bc4c59cb4743ccc73bf5
10084d7146462d06c599bd14664d14c511b40687e21983e6f8bded06982931a9
d281caef6c8fc45d8725d6cd1542234aea35b97b99bb6aaff7688d91a10716f0
baeb13eea3a71cfaba9d20ef373dcea69cf31f2ec21f45b83f29f699330cb3e3
a79f5ce304707a268b335f63d15e2d7d740b4d09b6e7d095d7d08235360e739c
4d62929aa9e76694a62b46bc05425452f26e1e9b09ea6f294850ace825229966
50d2a2564541887570cf784c677de6900aa503648c510927e08c32b5a6ae3bf5
8fb035b73bf207243c9b29d96e435ce11eb9810a0f4fdcc6bb25a14a0ec8cc21

Domain:
t.co
guguchrome.com
api.splashtop.com
relay.splashtop.com
applesflying.com
bunced.net
shytur.com
cirite.com
wayeyoy.com
chcp.com

Url:
https://t.co/uc4QkLQt4b&8221
https://t.co/1O3TYQYP1iabuse_ch
https://t.co/ZNwTD5rH7U