Threat Roundup for April 3 to April 10
C45-2020-04-11-1
Indicators of Compromise (IOC) List
| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\4574B70B4269DBD5CA5ED7BB4177052F (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED (Value Name) | 11/04/2020 | Win_Registry |

| Registry Key | Occurrences |
|---|---|
| HKCU\SOFTWARE\8150EE3EDD820BE2E743A152A5606A46 | 1 |

| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\4F96FE1A9678A20D54D9AFFDBAF9D27F (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\ENVIRONMENT (Value Name) | 11/04/2020 | Win_Registry |

| Registry Key | Occurrences |
|---|---|
| HKCU\SOFTWARE\F975776AA60E54F3F0A6E78AF19AE236 | 1 |

| Mutexes | Occurrences |
|---|---|
| 32 random hex characters | 66 |

| IP Addresses contacted by malware. Does not indicate maliciousness | Occurrences |
|---|---|
| 141.255.148.26 | 3 |
| 140.82.57.249 | 2 |
| 41.235.176.195 | 1 |
| 73.59.111.31 | 1 |
| 201.14.230.131 | 1 |
| 59.16.247.249 | 1 |
| 91.55.143.93 | 1 |
| 195.142.64.243 | 1 |
| 105.67.132.172 | 1 |
| 51.218.202.75 | 1 |
| 209.126.107.37 | 1 |
| 141.255.151.99 | 1 |
| 196.64.252.167 | 1 |
| 91.16.44.107 | 1 |

| Domain Names contacted by malware. Does not indicate maliciousness | Occurrences |
|---|---|
| updatehost.duckdns.org | 3 |
| hostacosta.hopto.org | 3 |
| maistro.linkpc.net | 1 |
| njrat5811.ddns.net | 1 |
| wrk99.ddns.net | 1 |
| paleb.no-ip.org | 1 |
| updatefacebook.ddns.net | 1 |
| anoy.zapto.org | 1 |
| sks.ddns.net | 1 |
| playgom.duckdns.org | 1 |
| sel.ze.am | 1 |
| fa1990.ddns.net | 1 |
| cadeee.ddns.net | 1 |
| forport.ddns.net | 1 |
| kamel000000000.ddns.net | 1 |
| uwk007.zapto.org | 1 |
| googlescholar.ddns.net | 1 |
| microsoft-windows7.ddns.net | 1 |
| mrblackyhacker.ddns.net | 1 |
| sisinadz.ddns.net | 1 |
| rare06.duckdns.org | 1 |
| tonik.ddns.net | 1 |
| nnjjrraatt.ddns.net | 1 |
| andolsi55.ddns.net | 1 |
| mohamedahmed123.ddns.net | 1 |

| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
|  | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\8150EE3EDD820BE2E743A152A5606A46 (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\WBENGINE (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\VSS (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\75E0ABB6138512271C04F85FDDDE38E4B7242EFE (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\E98E20D3A7CDC2CFEF25EFD285F46E3C (Value Name) | 11/04/2020 | Win_Registry |

| Registry Key | Occurrences |
|---|---|
| HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER | 25 |

| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\WSCSVC (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\MSISERVER (Value Name) | 11/04/2020 | Win_Registry |

| Registry Key | Occurrences |
|---|---|
| HKCU\SOFTWARE\279F6960ED84A752570ACA7FB2DC1552 | 2 |
| HKCU\SOFTWARE\165D6ED988AC1DBEC1627A1CA9899D84 | 2 |
| HKCU\SOFTWARE\4F96FE1A9678A20D54D9AFFDBAF9D27F | 2 |

| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKCU\SOFTWARE\MICROSOFT\WINDOWS (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\279F6960ED84A752570ACA7FB2DC1552 (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\165D6ED988AC1DBEC1627A1CA9899D84 (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\D8B0324F235AC1E3F5B945098C65BC99 (Value Name) | 11/04/2020 | Win_Registry |
| HKU\S-1-5-21-2580483871-590521980-3826313501-500 (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\CONTROL PANEL\DESKTOP (Value Name) | 11/04/2020 | Win_Registry |

| Registry Key | Occurrences |
|---|---|
| HKLM\SOFTWARE\WOW6432NODE\MOZILLA\MOZILLA THUNDERBIRD | 1 |
| HKCU\SOFTWARE\NETWIRE | 1 |

| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER (Value Name) | 11/04/2020 | Win_Registry |

| Registry Key | Occurrences |
|---|---|
| HKCU\SOFTWARE\D8B0324F235AC1E3F5B945098C65BC99 | 3 |

| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN (Value Name) | 11/04/2020 | Win_Registry |

| Registry Key | Occurrences |
|---|---|
| HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER | 16 |

| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKLM\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\UI0DETECT (Value Name) | 11/04/2020 | Win_Registry |

| Registry Key | Occurrences |
|---|---|
| HKCR\.SAGE | 14 |
| HKCR\SAGE.NOTICE\DEFAULTICON | 14 |
| HKCR\SAGE.NOTICE\FRIENDLYTYPENAME | 14 |
| HKCR\SAGE.NOTICE\SHELL\OPEN\COMMAND | 14 |
| HKCR\HTAFILE\DEFAULTICON | 14 |
| HKCR\.SAGE | 14 |
| HKCR\SAGE.NOTICE | 14 |
| HKCR\SAGE.NOTICE\DEFAULTICON | 14 |
| HKCR\SAGE.NOTICE\FRIENDLYTYPENAME | 14 |
| HKCR\SAGE.NOTICE\SHELL | 14 |
| HKCR\SAGE.NOTICE\SHELL\OPEN | 14 |
| HKCR\SAGE.NOTICE\SHELL\OPEN\COMMAND | 14 |
| HKCR\HTAFILE | 14 |
| HKCR\HTAFILE\DEFAULTICON | 14 |

| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\MOUNTPOINTS2 | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\IEETWCOLLECTORSERVICE (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\MOUNTPOINTS2 | 11/04/2020 | Win_Registry |
| HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\ACTIVE SETUP\INSTALLED COMPONENTS | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\ | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\WINDEFEND (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\VDS (Value Name) | 11/04/2020 | Win_Registry |

| Registry Key | Occurrences |
|---|---|
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\5309EDC19DC6C14CBAD5BA06BDBDABD9 | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\82FA2A40D311B5469A626349C16CE09B | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\8503020000000000C000000000000046 | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\9207F3E0A3B11019908B08002B2A56C2 | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\9E71065376EE7F459F30EA2534981B83 | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\A88F7DCF2E30234E8288283D75A65EFB | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\C02EBC5353D9CD11975200AA004AE40E | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\D33FC3B19A738142B2FC0C56BD56AD8C | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\DDB0922FC50B8D42BE5A821EDE840761 | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\DF18513432D1694F96E6423201804111 | 1 |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK\ECD15244C3E90A4FBD0588A41AB27C55 | 1 |

| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\NETWIRE (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\AUTHROOT\CERTIFICATES\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS MESSAGING SUBSYSTEM\PROFILES\OUTLOOK | 11/04/2020 | Win_Registry |
| 4af46a85b4fa87853b0e65b1ad2a35a6 | 11/04/2020 | MD5 |
| HKCU\Software\Microsoft\random | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS MAIL\JUNK MAIL\BLOCK SENDERS LIST (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\OSE (Value Name) | 11/04/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\MOZILLAMAINTENANCE (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\IAM (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\IDENTITYCRL\DYNAMIC SALT (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS MAIL\JUNK MAIL\SAFE SENDERS LIST (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\PRIVACY (Value Name) | 11/04/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS MAIL\MAIL (Value Name) | 11/04/2020 | Win_Registry |