IoC Extractor
This IoC extractor identifies Indicators of Compromise (IoCs) by matching patterns, without analyzing the context of the surrounding text. Manual review and validation of the extracted IoCs are essential before any action is taken.
Securonix Threat Research Security Advisory: Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor
DATE : 2024-02-01T16:10:11
SOURCE : youtube.com
FILE_HASH_SHA256:
Domain:telegra.ph
guvalas.ru
securonix.com
intezer.com
Url:https://www.securonix.com/blog/hiding-the-powershell-execution-flow
https://intezer.com/blog/malware-analysis/how-threat-actors-abuse-lnk-file