
Indicator (IOC)

yara Revoked AlienVault · Published 20/12/2025 19:32 · Modified 20/12/2025 19:32

Essential information

Value / Name: d7019b32cdd62a67c3ca6f89b0d192c2a58008e9
Confidence: 100/100
Revoked: Yes
Valid from: 03/05/2022 11:07
Valid until: 06/08/2023 11:07
Pattern type: yara
Published: 20/12/2025 19:32
Modified: 20/12/2025 19:32
Author / Source: AlienVault

Description

No description.

Pattern

rule QUIETEXIT_strings
{
    meta:
        author = "Mandiant"
        date_created = "2022-01-13"
        date_modified = "2022-01-13"
        rev = 1
    strings:
        $s1 = "[email protected]"
        $s2 = "auth-%.8x-%d"
        $s3 = "Child connection from %s:%s"
        $s4 = "Compiled without normal mode, can't run without -i"
        $s5 = "cancel-tcpip-forward"
        $s6 = "dropbear_prng"
        $s7 = "cron"
    condition:
        uint32be(0) == 0x7F454C46 and filesize < 2MB and all of them
}

Labels / Tags

Labels: dynamic dns quietexit regeorg socks tunnel unc3452 unc3524

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.