Indicators of Compromise (IOCs) to Monitor

• Unusual outbound traffic to dynamic DNS services.
• Cobalt Strike beacons and default malleable profile signatures.
• Registry key anomalies.
• Use of known APT41 domains and IP addresses.
• Logins at unusual hours or from uncommon geolocations.
• Detection of known malware hashes and YARA rules.

YARA (Yet Another Regex Analyzer) is a rule-based tool used to detect malware or suspicious files by matching patterns in code, memory, or network traffic.