Highly Evasive Attacker Leverages SolarWinds Supply Chain to ...
C45-2020-12-14-4
Indicators of Compromise (IOC) List
| Indicator of Compromise (IOC) | Date Published | IOC Type |
|---|---|---|
| 325d6d60e24c7cfc3a782839d85ce08c8d3bb27c | 14/12/2020 | SHA-1 |
| 20.140.0.0 | 14/12/2020 | IPv4 |
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid | 14/12/2020 | Win_Registry |
| 131.228.12.0 | 14/12/2020 | IPv4 |
| 192.168.0.0 | 14/12/2020 | IPv4 |
| 02af7cec58b9a5da1c542b5a32151ba1 | 14/12/2020 | MD5 |
| 96.31.172.0 | 14/12/2020 | IPv4 |
| 172.16.0.0 | 14/12/2020 | IPv4 |
| 1322340356018696d853e0ac6f7ce3a2 | 14/12/2020 | MD5 |
| b91ce2fa41029f6955bff20079468448 | 14/12/2020 | MD5 |
| 10.0.0.0 | 14/12/2020 | IPv4 |
| HKLM\SYSTEM\CurrentControlSet\services\ | 14/12/2020 | Win_Registry |
| HKU\SOFTWARE\Microsoft\CTF exists | 14/12/2020 | Win_Registry |
| 224.0.0.0 | 14/12/2020 | IPv4 |
| 144.86.226.0 | 14/12/2020 | IPv4 |

Context accompanying the MachineGuid registry entry in the source report: the userID is encoded via a custom XOR scheme after the MD5 is calculated. The ReportWatcherPostpone key of appSettings is then read from SolarWinds.Orion.Core.BusinessLayer.dll.config to retrieve the initial