IoC Extractor
This IoC extractor identifies Indicators of Compromise (IoCs) by pattern matching alone, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.
Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
DATE : 2025-03-08T13:15:05
SOURCE : eclecticiq.com
FILE_HASH_SHA1:172d3750e3617526563dd0b24c4ba88f907622b9
FILE_HASH_SHA256:48450c0a00b9d1ecce930eadbac27c3c80db73360bc099d3098c08567a59cdd3