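/*
 * Flagpro_IOCs
 *
 * Flags scanned data (files, memory, logs) that contains any of the listed
 * network indicators or SHA-256 digests as literal text. The meta section
 * attributes the indicators to BlackTech.
 *
 * Changes from the original listing:
 *   - the `rule` keyword was missing, so the file did not compile;
 *   - `fullword` keeps an indicator from matching inside a longer token
 *     (for example an IP that is only the tail of a different address);
 *   - `ascii wide` also covers UTF-16LE copies of the strings;
 *   - `nocase` on domains and digests covers upper-case renderings.
 */
rule Flagpro_IOCs
{
    meta:
        creator = "Cpl Iverson"
        date = "2025-01-12"
        description = "Suspicious IPs, Hashes, and Domains"
        apt_group = "BlackTech"

    strings:
        // IPv4 indicators. Addresses get reassigned over time, so re-validate
        // these against the meta date before treating a hit as conclusive.
        $ip_107_191_61_40   = "107.191.61.40"   fullword ascii wide
        $ip_172_104_109_217 = "172.104.109.217" fullword ascii wide
        $ip_139_162_87_180  = "139.162.87.180"  fullword ascii wide
        $ip_45_76_184_227   = "45.76.184.227"   fullword ascii wide
        $ip_45_32_23_140    = "45.32.23.140"    fullword ascii wide

        // NOTE(review): these match only where the hex digest appears as TEXT
        // in the scanned data (reports, logs, IOC lists). A sample does not
        // contain its own SHA-256, so these strings will not identify the
        // samples themselves. To match a file by digest, compare
        // hash.sha256(0, filesize) against each value in the condition, which
        // needs `import "hash"` at the top of the rule file.
        $sha256_e197c583 = "e197c583f57e6c560b576278233e3ab050e38aa9424a5d95b172de66f9cfe970" fullword ascii wide nocase
        $sha256_840ce62f = "840ce62f92fc519cd1a33b62f4b9f92a962b7fb28c12d2f607dec0b520e6a4b2" fullword ascii wide nocase
        $sha256_e81255ff = "e81255ff6e0ed937603748c1442ce9d6588decf6922537037cf3f1a7369a8876" fullword ascii wide nocase
        $sha256_655ca39b = "655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5" fullword ascii wide nocase
        $sha256_54e6ea47 = "54e6ea47eb04634d3e87fd7787e2136ccfbcc80ade34f246a12cf93bab527f6b" fullword ascii wide nocase
        $sha256_77680fb9 = "77680fb906476f0d84e15d5032f09108fdef8933bcad0b941c9f375fedd0b2c9" fullword ascii wide nocase
        $sha256_ba27ae12 = "ba27ae12e6f3c2c87fd2478072dfa2747d368a507c69cd90b653c9e707254a1d" fullword ascii wide nocase

        // Domain indicators. `fullword` still matches them after "://" or as
        // the parent of a subdomain, because "/" and "." are delimiters.
        $domain_update_centosupdates_com = "update.centosupdates.com" fullword ascii wide nocase
        $domain_org_misecure_com         = "org.misecure.com"         fullword ascii wide nocase

    condition:
        // A single indicator is enough to fire. Expect hits on threat-intel
        // documents that merely list these values, so triage by file type.
        any of them
}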