Threat Roundup for March 20 to March 27
C45-2020-03-28-9
Indicators of Compromise (IOC) List

