junk/spl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update yara/[X]Flagpro-yara-20250112.yar

Browse Source
This commit is contained in:
junk
2025-01-13 10:32:12 -05:00
parent 4965e96159
commit 1f9be1a644
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
yara/[X]Flagpro-yara-20250112.yar Normal file
View File

@ -0,0 +1,28 @@
[X]Updated
```
Flagpro_IOCs {
meta:
creator = "Cpl Iverson"
date = "2025-01-12"
description = "Suspicious IPs, Hashes, and Domains"
apt_group = "BlackTech"
strings:
$ip_107_191_61_40 = "107.191.61.40"
$ip_172_104_109_217 = "172.104.109.217"
$ip_139_162_87_180 = "139.162.87.180"
$ip_45_76_184_227 = "45.76.184.227"
$ip_45_32_23_140 = "45.32.23.140"
$sha256_e197c583 = "e197c583f57e6c560b576278233e3ab050e38aa9424a5d95b172de66f9cfe970"
$sha256_840ce62f = "840ce62f92fc519cd1a33b62f4b9f92a962b7fb28c12d2f607dec0b520e6a4b2"
$sha256_e81255ff = "e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876"
$sha256_655ca39b = "655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5"
$sha256_54e6ea47 = "54e6ea47eb04634d3e87fd7787e2136ccfbcc80ade34f246a12cf93bab527f6b"
$sha256_77680fb9 = "77680fb906476f0d84e15d5032f09108fdef8933bcad0b941c9f375fedd0b2c9"
$sha256_ba27ae12 = "ba27ae12e6f3c2c87fd2478072dfa2747d368a507c69cd90b653c9e707254a1d"
$domain_update_centosupdates_com = "update.centosupdates.com"
$domain_org_misecure_com = "org.misecure.com"
condition:
any of them
}
```