IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by matching patterns, without analyzing the context of the surrounding text. Manual Review and Validation of the extracted IoCs are essential before any action is used.

PHOSPHORUS Automates Initial Access Using ProxyShell

DATE : 2022-03-11T07:00:00
SOURCE : thedfirreport.com

CVE:
cve-2021-34473
cve-2021-34523
cve-2021-31207

FILE_HASH_MD5:
46B722FD25E69870FA7711924BC5304D
787242D55F2C49A23F5D97710D972108
A2DB26CE3BBE7B2CB12F9BEFB37891A3
11FCC18FB2B55FC3C988F6A76FCF8A2D
56D49E57AD1A051BF62C458CD6F3DEA9
6104990DFEA3DFAB044FAF960458DB09

FILE_HASH_SHA1:
ab814cbc408234eddf538bc893fcbe00c32ca2e9
b81839e3ce507df925d6e583e569e1ac3a3894ab
777d218adc789b7f1b146701793e78799324d87d
1425ede905514b7dbf3c457561aaf2ff27274724
682e0458a336c3a6e93b18f7e972e1d67ef01598
1ff5e226ad8bed34916c16ccc77ba281ca3203ae
ed4e771700681b36eb8dd74a13dffc94c857bb46
04f72b9e78f196544f8f1331b4d9158df34d7ecf
6f5271275e9ac22be9ded8b9252bce064e524153
503df469687fe4d14d2119a95723485d079ec0d9
1cfca93354d25e458db40f8d48403602b46bbf03
57cdfd261266b81255e330723f4adf270fc4c4f8
98d7380a40d503ffd225420f7318b79d9f5097b8

FILE_HASH_SHA256:
c5aae30675cc1fd83fd25330cec245af744b878a8f86626d98b8e7fcd3e970f8
84f77fc4281ebf94ab4897a48aa5dd7092cc0b7c78235965637eeef0908fb6c7
7b5fbbd90eab5bee6f3c25aa3c2762104e219f96501ad6a4463e25e6001eb00b
12c6da07da24edba13650cd324b2ad04d0a0526bb4e853dee03c094075ff6d1a
faa315db522d8ce597ac0aa957bf5bde31d91de94e68d5aefac4e3e2c11aa970

Domain:
api.myip.com
tcp443.msupdate.us
kcp53.msupdate.us