216.73.217.80

Indicator (IOC)

yara Revoked AlienVault · Published 20/12/2025 19:32 · Modified 20/12/2025 21:15

Essential information

Value / Name
2d79e75d58d14de341a5ef5218821ba729942288
Confidence
100/100
Revoked
Yes
Valid from
02/06/2022 10:15
Valid until
05/09/2023 10:15
Pattern type
yara
Published
20/12/2025 19:32
Modified
20/12/2025 21:15
Author / Source
AlienVault

Description

No description.

Pattern

rule ElMachete_msi
{
    meta:
        author = "CPR"
        hash1 = "ED09DA9D48AFE918F9C7F72FE4466167E2F127A28A7641BA80D6165E82F48431"
    strings:
        $s1 = "MSI Wrapper (8.0.26.0)"
        $s2 = "Windows Installer XML Toolset (3.11.0.1701)"
        $s3 = "\\Lib\\site-packages\\PIL\\"
        $s4 = "\\Lib\\site-packages\\pyHook\\"
        $s5 = "\\Lib\\site-packages\\requests\\"
        $s6 = "\\Lib\\site-packages\\win32com\\"
        $s7 = "\\Lib\\site-packages\\Crypto\\"
    condition:
        4 of them
}
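
The rule above fires when any four of its seven plain strings occur in a file, so it keys on an MSI/WiX wrapper around a frozen Python payload that bundles PIL, pyHook, requests, win32com and PyCryptodome-style Crypto packages. The following is an added example, not code from AlienVault or CPR: it re-implements that "4 of them" condition in pure Python so the trigger logic can be checked offline, and runs it over constructed byte buffers (not real samples) to show the two edges a practitioner cares about, the case-sensitivity of unmodified YARA strings and the benign-installer false-positive the threshold leaves open.

```python
# Added example (not part of the AlienVault/CPR indicator): a pure-Python
# evaluator for the ElMachete_msi rule's "4 of them" condition, so the trigger
# logic can be checked offline without yara-python.  The sample buffers below
# are constructed for illustration and are not real file contents.

# The seven literal strings from the rule.  YARA's "\\" escape denotes one
# backslash, and so does Python's, so the byte patterns are identical.
RULE_STRINGS = {
    "$s1": b"MSI Wrapper (8.0.26.0)",
    "$s2": b"Windows Installer XML Toolset (3.11.0.1701)",
    "$s3": b"\\Lib\\site-packages\\PIL\\",
    "$s4": b"\\Lib\\site-packages\\pyHook\\",
    "$s5": b"\\Lib\\site-packages\\requests\\",
    "$s6": b"\\Lib\\site-packages\\win32com\\",
    "$s7": b"\\Lib\\site-packages\\Crypto\\",
}
THRESHOLD = 4  # "4 of them": at least four distinct strings must be present


def rule_hits(data: bytes) -> list:
    """Return the identifiers of rule strings found anywhere in data.

    Matches are case-sensitive plain substrings, exactly as YARA treats a
    quoted string with no modifiers.  Each identifier counts once no matter
    how many times it occurs, which is what "N of them" counts.
    """
    return [name for name, pat in RULE_STRINGS.items() if pat in data]


def matches_elmachete_msi(data: bytes) -> bool:
    """Evaluate the rule's condition: number of distinct hits >= 4."""
    return len(rule_hits(data)) >= THRESHOLD


def scan_file(path: str) -> bool:
    """Convenience wrapper for a real file on disk (hypothetical helper)."""
    with open(path, "rb") as fh:
        return matches_elmachete_msi(fh.read())


# Constructed samples.  In a real MSI these strings sit in the WiX/MSI wrapper
# metadata and the embedded frozen-Python archive; here they are simply
# padded into byte buffers so the example runs offline.
PAD = b"\x00" * 64

# 1. Looks like an MSI-wrapped Python payload bundling PIL, pyHook, requests,
#    win32com and Crypto: all 7 strings hit, well over the threshold.
SAMPLE_PAYLOAD = PAD.join(RULE_STRINGS.values()) + PAD

# 2. A plausible benign WiX-built installer shipping a Python tool that only
#    uses requests and win32com: 3 hits, below the threshold, no match.
SAMPLE_BENIGN = PAD.join([
    RULE_STRINGS["$s2"], RULE_STRINGS["$s5"], RULE_STRINGS["$s6"],
]) + PAD

# 3. The same benign installer also bundling Crypto: 4 hits, which is enough
#    to fire the rule.  This is the false-positive edge the threshold leaves
#    open: nothing in the condition requires the pyHook (keylogging) string.
SAMPLE_BORDERLINE = SAMPLE_BENIGN + RULE_STRINGS["$s7"] + PAD

# 4. Lower-cased variant of every string: unmodified YARA strings are
#    case-sensitive (no "nocase"), so none of these count and there is no match.
SAMPLE_LOWERCASE = PAD.join(p.lower() for p in RULE_STRINGS.values()) + PAD

if __name__ == "__main__":
    for label, buf in [("payload", SAMPLE_PAYLOAD), ("benign", SAMPLE_BENIGN),
                       ("borderline", SAMPLE_BORDERLINE),
                       ("lowercase", SAMPLE_LOWERCASE)]:
        print(f"{label:10s} hits={rule_hits(buf)} "
              f"match={matches_elmachete_msi(buf)}")
```

If yara-python is available, `yara.compile(source=...)` on the rule text followed by `rules.match(data=buf)` gives the same verdicts for these four buffers; the pure-Python version is only there to make the counting and case-sensitivity explicit. When triaging hits from this rule, the presence of `$s1` (the MSI Wrapper banner) together with `$s4` (pyHook) is a stronger signal than four arbitrary site-packages paths, since any WiX-packaged Python application can contribute `$s2`, `$s5`, `$s6` and `$s7`.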

Labels / Tags

Labels: apt cve201711882 el machete geopolitical conflict lyceum sidewinder spear-phishing ukraine

Marking (TLP)

TLP:CLEAR