Kaspersky discovers new Ymir ransomware used together with ...
C45-2024-11-11-1
Indicators of Compromise (IOC) List
Both scripts use PowerShell to establish a covert channel to the IP address 94.158.244.69 on port 443. Based on the strings from the scripts we were able to obtain

