TsCookiev2_IOCs { meta: creator = "Cpl Iverson" date = "2025-01-12" description = "Suspicious IPs, Hashes, and Domains" apt_group = "BlackTech" strings: $sha256_fc863fbd = "fc863fbd71e22c99eaa2b1b0eb72d806cedeb536213e600afb03f0fbea9d2bb3" $domain_home_mwbsys_org = "home.mwbsys.org" $domain_app_dynamicrosoft_com = "app.dynamicrosoft.com" condition: any of them }