Indicator (IOC)

yara Revoked AlienVault · Published 20/12/2025 19:42 · Modified 21/12/2025 03:06

Essential information

Value / Name: 2ec2b10363382bb03fe5a07bc654686f88a3027b
Confidence: 100/100
Revoked: Yes
Valid from: 02/02/2024 12:49
Valid until: 07/05/2025 13:49
Pattern type: yara
Published: 20/12/2025 19:42
Modified: 21/12/2025 03:06
Author / Source: AlienVault

Description

Detect Malicious Web page HTML file from CERT-UA#8399

Pattern

rule masepie_campaign_htmlstarter   
   {   
       meta:   
           description = "Detect Malicious Web page HTML file from CERT-UA#8399"   
           references = "TRR240101;https://cert.gov.ua/article/6276894"   
           hash = "628bc9f4aa71a015ec415d5d7d8cb168359886a231e17ecac2e5664760ee8eba"   
           date = "2024-01-24"   
           author = "HarfangLab"   
           context = "file"   
       strings:   
           $s1 = " " ascii wide fullword   
           $s2 = "src=\".\\Capture" ascii wide   
       condition:   
           filesize > 600 and filesize < 5KB   
           and (all of them)   
   }

Labels / Tags

Labels: apt28, fancy bear, sofacy

Marking (TLP)

TLP:CLEAR

Related entities

No linked attack reports or intrusion sets yet.