IoC Extractor

This IoC extractor identifies Indicators of Compromise (IoCs) by pattern matching alone, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.

Shifting the sands of RansomHub’s EDRKillShifter

DATE : 2025-03-27T10:31:31
SOURCE : welivesecurity.com

FILE_HASH_SHA1:

Domain:
torproject.org
ecrime.ch
eset.com

Url: