Threat Roundup for May 28 to June 4
C45-2021-06-05-9
Indicators of Compromise (IOC) List

