14 lines
402 B
Plaintext
14 lines
402 B
Plaintext
TsCookiev2_IOCs {
|
|
meta:
|
|
creator = "Cpl Iverson"
|
|
date = "2025-01-12"
|
|
description = "Suspicious IPs, Hashes, and Domains"
|
|
apt_group = "BlackTech"
|
|
strings:
|
|
$sha256_fc863fbd = "fc863fbd71e22c99eaa2b1b0eb72d806cedeb536213e600afb03f0fbea9d2bb3"
|
|
$domain_home_mwbsys_org = "home.mwbsys.org"
|
|
$domain_app_dynamicrosoft_com = "app.dynamicrosoft.com"
|
|
condition:
|
|
any of them
|
|
}
|