Indicator (IOC)

yara Revoked AlienVault · Published 20/12/2025 19:38 · Modified 20/12/2025 23:34

Essential information

Value / Name
7f0daaa7ec764a6446e8ba188a9bb61ffd5ef2d5
Confidence
100/100
Revoked
Yes
Valid from
14/03/2023 04:35
Valid until
16/06/2024 05:35
Pattern type
yara
Published
20/12/2025 19:38
Modified
20/12/2025 23:34
Author / Source
AlienVault

Description

No description.

Pattern

rule M_APT_Loader_Win_CLOUDBURST_1 {
    meta:
        author = "Mandiant"
    strings:
        $anchor1 = "Microsoft Enhanced Cryptographic Provider v1.0" ascii wide
        $code1 = { 74 79 70 }        // ASCII "typ"
        $code2 = { 65 71 75 69 }     // ASCII "equi"
        $code3 = { 62 6F 78 69 }     // ASCII "boxi"
        $code4 = { E8 ?? ?? ?? ?? FF C6 B8 99 99 99 99 F7 EE D1 FA 8B C2 C1 E8 1F 03 D0 8D 04 16 8D 34 90 85 F6 75 ?? }
        $str1 = "%s%X"
    condition:
        // 0x5a4d is the "MZ" signature of a PE file
        uint16(0) == 0x5a4d and all of them
}

Labels / Tags

Labels: lidshift lidshot lightshift phish plankwalk sideshow temp.hermit tightvnc viewer touchshift unc2970 wordpress

Marking (TLP)

TLP:CLEAR