Indicator (IOC)

yara Revoked AlienVault · Published 20/12/2025 19:32 · Modified 20/12/2025 19:32

Essential information

Value / Name: 75a9ffebf5897fd52d2fdab44a7450bd3f6e68a9
Confidence: 100/100
Revoked: Yes
Valid from: 03/05/2022 11:07
Valid until: 06/08/2023 11:07
Pattern type: yara
Published: 20/12/2025 19:32
Modified: 20/12/2025 19:32
Author / Source: AlienVault

Description

No description.

Pattern

rule UNC3524_sha1
{
    meta:
        author = "Mandiant"
        date_created = "2022-01-19"
        date_modified = "2022-01-19"
    strings:
        $h1 = { DD E5 D5 97 20 53 27 BF F0 A2 BA CD 96 35 9A AD 1C 75 EB 47 }
    condition:
        // 0x7F454C46 is the ELF magic ("\x7fELF") at offset 0
        uint32be(0) == 0x7F454C46 and filesize < 10MB and all of them
}

Labels / Tags

Labels: dynamic dns quietexit regeorg socks tunnel unc3452 unc3524

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.