IOC: 4f4f2f449c71b90c76a5fe54b8eea285865378e0

216.73.216.6

Indicator (IOC)

yara Revoked AlienVault · Published 20/12/2025 19:32 · Modified 20/12/2025 21:15

Essential information

Value / Name: 4f4f2f449c71b90c76a5fe54b8eea285865378e0
Confidence: 100/100
Revoked: Yes
Valid from: 02/06/2022 10:15
Valid until: 05/09/2023 10:15
Pattern type: yara
Published: 20/12/2025 19:32
Modified: 20/12/2025 21:15
Author / Source: AlienVault

Description

No description.

Pattern

rule ElMachete_doc   
   {   
       meta:   
           author = "CPR"   
           hash1 = "8E1360CC27E95FC47924D9BA3EF84CB8FA9E142CFD16E1503C5277D0C16AE241"   
       strings:   
           $s1 = "You want to continue with the Document" ascii   
           $s2 = "certutil -decode" ascii   
           $s3 = /C:\\ProgramData\\.{1,20}\.txt/   
           $s4 = /C:\\ProgramData\\.{1,20}\.vbe/   
       condition:   
           uint16be(0) == 0xD0CF and 2 of ($s*)   
   }

Labels / Tags

Labels: apt cve201711882 el machete geopolitical conflict lyceum sidewinder spear-phishing ukraine

Marking (TLP)

TLP:CLEAR

Indicator (IOC)

Essential information

Description

Pattern

Labels / Tags

Marking (TLP)

Related entities

Intrusion sets (2)