
Ransom.Win32.TARGETCOMP.YXCKCZ - Threat Encyclopedia

C45-2023-08-23-3

Indicators of Compromise (IOC) List
