Threat Roundup for September 27 to October 4
C45-2019-10-05-5
Indicators of Compromise (IOC) List
Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRUI.EXE
9
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRUI.EXE
Value Name | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.JS
38
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.JS\OPENWITHPROGIDS
38
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.JS\OPENWITHLIST
38
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\OFFICE\14.0\WORD\TEXT CONVERTERS\IMPORT\RECOVER
Value Name | 05/10/2019 | Win_Registry |
HKCR\CLSID | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\OFFICE\14.0\WORD\TEXT CONVERTERS\IMPORT\WORDPERFECT6X
Value Name | 05/10/2019 | Win_Registry |
HKLM\SYSTEM\CONTROLSET001\SERVICES\YELLOWREPORTS
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\OFFICE\14.0\WORD\TEXT CONVERTERS
37
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\OFFICE\14.0\WORD\TEXT CONVERTERS\IMPORT
37
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\OFFICE\14.0\WORD\TEXT CONVERTERS\IMPORT\RECOVER
37
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\OFFICE\14.0\WORD\TEXT CONVERTERS\IMPORT\WRDPRFCTDOS
37
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\OFFICE\14.0\WORD\TEXT CONVERTERS\IMPORT\WORDPERFECT6X
37
Mutexes
Occurrences
Global\I98B68E3C
37
Global\M98B68E3C
37
Global\M3C28B0E4
19
Global\I3C28B0E4
19
IP Addresses contacted by malware. Does not indicate maliciousness
Occurrences
HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\PUBLICPROFILE
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\OFFICE\14.0\WORD\TEXT CONVERTERS\IMPORT\RECOVER
Value Name | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\WIN7ZIP
26
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\OFFICE\14.0\WORD\TEXT CONVERTERS\IMPORT\WRDPRFCTDOS
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\OMYLCQKSW.EXE
Value Name | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.JS\OPENWITHPROGIDS
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BZSBKOTIU.EXE
Value Name | 05/10/2019 | Win_Registry |
HKLM\SYSTEM\CONTROLSET001\SERVICES\SSDPSRV
Value Name | 05/10/2019 | Win_Registry |
HKLM\SYSTEM\CONTROLSET001\SERVICES\MPSSVC
Value Name | 05/10/2019 | Win_Registry |
HKLM\SYSTEM\CONTROLSET001\SERVICES\WUAUSERV
Value Name | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\WIN7ZIP
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM
Value Name | 05/10/2019 | Win_Registry |
HKCU\CONTROL PANEL\DESKTOP
Value Name | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE
Value Name | 05/10/2019 | Win_Registry |
HKLM\SYSTEM\CONTROLSET001\SERVICES\WINDEFEND
Value Name | 05/10/2019 | Win_Registry |
HKLM\SYSTEM\CONTROLSET001\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION
Value Name | 05/10/2019 | Win_Registry |
HKLM\SYSTEM\CONTROLSET001\SERVICES\ | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\MICROSOFT\COMMAND PROCESSOR
Value Name | 05/10/2019 | Win_Registry |
HKLM\SYSTEM\CONTROLSET001\SERVICES\WSCSVC
Value Name | 05/10/2019 | Win_Registry |
HKCU\PRINTERS\DEFAULTS
25
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value Name | 05/10/2019 | Win_Registry |
ce5ccbd7434dc4f3e00d5d615c8f1cfe | 05/10/2019 | MD5 |
HKCU\PRINTERS\DEFAULTS | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value Name | 05/10/2019 | Win_Registry |
f919bc55f255fc49078e2b0e54e60b5e | 05/10/2019 | MD5 |
2418805ba4dbdf2b323c3ee2d28fd899 | 05/10/2019 | MD5 |
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Value Name | 05/10/2019 | Win_Registry |
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION
Value Name | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION
Value Name | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER
Value Name | 05/10/2019 | Win_Registry |
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED
Value Name | 05/10/2019 | Win_Registry |

