Threat Roundup for May 8 to May 15

C45-2020-05-16-5

Indicators of Compromise (IOC) List

| Indicator of Compromise (IOC) | Date Published | IOC Type |
| --- | --- | --- |
| HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\NETWORKLIST\PROFILES | 16/05/2020 | Win_Registry |
| HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\REMOTE DESKTOP\CERTIFICATES\E5B4F4A638B350BE4F85E6A114B0D3F6A784B862 1 HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\REMOTE DESKTOP\CERTIFICATES Value Name | 16/05/2020 | Win_Registry |
| HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\REMOTE DESKTOP\CERTIFICATES\E5B4F4A638B350BE4F85E6A114B0D3F6A784B862 Value Name | 16/05/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER\WINSTATIONS Value Name | 16/05/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE Value Name | 16/05/2020 | Win_Registry |
| HKCU\Software\Remcos-random | 16/05/2020 | Win_Registry |
| HKLM\SAM\SAM\DOMAINS\ACCOUNT\USERS\000003EE Value Name | 16/05/2020 | Win_Registry |
| HKCU\SOFTWARE\APPDATALOW\SOFTWARE\MICROSOFT\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5 Value Name | 16/05/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\WUAUSERV Value Name | 16/05/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR Value Name | 16/05/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER Value Name | 16/05/2020 | Win_Registry |
| HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM Value Name | 16/05/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED Value Name | 16/05/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\WINDEFEND Value Name | 16/05/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ACTION CENTER\CHECKS | 16/05/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER Value Name | 16/05/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\WSCSVC Value Name | 16/05/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS Value Name | 16/05/2020 | Win_Registry |
| HKCR\CLSID | 16/05/2020 | Win_Registry |
| HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN | 16/05/2020 | Win_Registry |
| HKLM\SYSTEM\CONTROLSET001\SERVICES\BFE Value Name | 16/05/2020 | Win_Registry |
| HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\CD BURNING Value Name | 16/05/2020 | Win_Registry |