Indicator (IOC)

yara Revoked AlienVault · Published 21/12/2025 01:23 · Modified 21/12/2025 01:23

Essential information

Value / Name: 5abcddd9107abbe98c430447d9dd7af2805d9803
Confidence: 100/100
Revoked: Yes
Valid from: 07/09/2023 21:24
Valid until: 10/12/2024 20:24
Pattern type: yara
Published: 21/12/2025 01:23
Modified: 21/12/2025 01:23
Author / Source: AlienVault

Description

Detects trojan downloader samples

Pattern

rule CISA_10430311_01 : METERPRETER trojan downloader
{
    meta:
        author = "CISA Code & Media Analysis"
        incident = "10430311"
        date = "2023-03-03"
        last_modified = "20230404_1200"
        actor = "n/a"
        family = "METERPRETER"
        Capabilities = "n/a"
        Malware_Type = "trojan downloader"
        Tool_Type = "n/a"
        description = "Detects trojan downloader samples"
        sha256_1 = "334c2d0af191ed96b15095a4a098c400f2c0ce6b9c66d1800f6b74554d59ff4b"
    strings:
        $s1 = { 49 be 77 73 32 5f 33 32 }
        $s2 = { 49 89 e6 48 81 ec a0 01 }
        $s3 = { 49 bc 02 00 e5 6b b3 3c 93 04 }
        $s4 = { 41 ba 4c 77 26 07 ff d5 }
        $s5 = { 41 ba ea 0f df e0 ff d5 }
        $s6 = { 41 ba 99 a5 74 61 ff d5 }
        $s7 = { 41 ba 02 d9 c8 5f ff d5 }
        $s8 = { 41 ba 58 a4 53 e5 ff d5 }
    condition:
        all of them
}

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.