Files

2023-08-25 Citrix CVE-2023-3519 attacks.csv
2023-10-ColdFusion-ransomware-IOCs.csv
2023-12 Akira followup.csv
2024-02_Payloads_associated_with_ScreenConnect_attacks.csv
20250205_SVGspam.csv
2309 Tiny Turla backdoor.csv
2310 CVE-2023-40044 wsftp ransomware.csv
2311 Vice Society - Rhysida IoCs.csv
2404 impersonation campaign.csv
3CX IoCs 2023-03.csv
3proxy-backdoor-IOCs.csv
ATK-Brutel.csv
Andr-FakeApp.csv
Android-HiddAd-T
Android-fauxanticovid.csv
Android-pakchat.csv
Android_C23-spyware.csv
Atomic-infostealer-IOCs.csv
CVE-2018-0798 RTFs
CVE-2022-26134_attacks.csv
CVE-2022-3236_IOCs.csv
CloudChat-IOCs.csv
Cryptorom_fakeapps_2.csv
DLLsideloading-PlugX-USBworm-2023-03.csv
FlowerStormPaaS.csv
Follina_CVE-2022-30190_hashes.csv
FoolsGoldMetaTraderShaZhuPan.csv
IOC-sheet_gootloader2025.csv
IOC_imagespam.csv
IOC_quishing2024.csv
Iranian-banking-malware.csv
Karma_Conti_joint_IOCs.csv
MAILBOMB-TEAMS-RANSOMWARE.csv
Mal-BadNode.csv
Mal-EncPk-APV_IOCs.csv
Malspam-OtoGonderici
Malware-SystemBC.csv
Miner-Mrbminer.csv
Miner-Tor2Mine.csv
MoDi-RAT-reflective-injection.csv
Nitrogen 2023-07.csv
OWASSRF IOCs 2023-03.csv
PJobRAT_IOCs.csv
PUA-QuickCPU_xmr-stak.csv
Pacific_Rim_Asnarok_iocs.csv
Pacific_Rim_CVE-2020-15069_IOCs.csv
Pacific_Rim_Covert_Channels_IOCs.csv
Pacific_Rim_Cyberoam_acct_IOCs.csv
Pacific_Rim_Defending_Forward_IOCs.csv
Pacific_Rim_Personal_Panda_IOCs.csv
Pacific_Rim_Under_The_Radar_IOCs.csv
Qakbot-onenote-attacks.csv
README.md
Ransom-Lockbit_20220412.csv
Ransomware-AstroLocker.csv
Ransomware-BlackByte.csv
Ransomware-Conti.csv
Ransomware-Dharma-RaaS.csv
Ransomware-Dharma-console-history-toolbelt-script.txt
Ransomware-Egregor.csv
Ransomware-EpsilonRed.csv
Ransomware-LockBit
Ransomware-LockBit.csv
Ransomware-Lockbit3-IOCs.csv
Ransomware-Matrix
Ransomware-Maze.csv
Ransomware-MegaCortex
Ransomware-Midas.csv
Ransomware-MountLocker.csv
Ransomware-Netfilim.csv
Ransomware-Netwalker
Ransomware-Play.csv
Ransomware-ProLock.csv
Ransomware-REvil-Kaseya.csv
Ransomware-Ryuk.csv
Ransomware-Snatch
Ransomware_BlackCat - triple ransomware attack.csv
Ransomware_BlackKingDom.csv
Ransomware_DearCry.csv
Ransomware_Hive - triple ransomware attack.csv
Ransomware_Lockbit - triple ransomware attack.csv
Ransomware_Prolock_services_stopped.csv
Ransomware_prolock_processes_stopped.csv
STAC1807_June_update.csv
STAC6451_IOCs.csv
ShaZhuPanfakeapps.csv
Stealer-Baldr
Sunburst_blocklists.csv
Troj-Agent-BKJE.csv
Troj-AgentTesla.csv
Troj-BazarBackdoor.csv
Troj-BazarLd.csv
Troj-BuerLd-A.csv
Troj-DocDL-AEOL.csv
Troj-DropperAsAService.csv
Troj-Emotet-Ukraine_maldocs.csv
Troj-KilllSomeOne.csv
Troj-Kingmine
Troj-Miner-AED.csv
Troj-PS-FX.csv
Troj-Polazert_IOCs.csv
Troj-Qakbot.csv
Troj-Ransom-GXS.csv
Troj-gootloader.csv
Troj-gootloader.yara
Troj_Agent-BJJB.csv
Troj_GuLoader.csv
Trojan-Glupteba
Trojan-LDMiner.csv
Worm-Raspberry-Robin.csv
Worm-WannaCry
Zemana-driver-IoCs.csv
atk-backstab-d.csv
bitcoin-addys
crimson_palace_2.csv
crimson_palace_post-08-2023.csv
crimson_palace_prior_intrusions.csv
crimson_palace_stac1248-alpha.csv
crimson_palace_stac1305_charlie.csv
crimson_palace_stac1870_bravo.csv
defi-mining-scams-iocs.csv
double-dragon-breath-iocs.csv
email account compromise 365 2023-06.csv
files_hosted_on_discord.csv
fleeceware-chatbot-apps.csv
gootloader_cats_iocs.csv
mal-fakealert.csv
maldrivers_release_2.csv
malware-MyKings
malware-MyKings-domains
malware-MyKings-v2.csv
malware-Raticate
malware-raticate-cloudeye.csv
ms-msdt restore registry key.reg
papercut-nday-indicators-of-compromise.csv
raccoonstealer.csv
ransomware_atomsilo.csv
ransomware_memento.csv
smishing campaign targeting Indian customers 2023-04.csv
usb worm with global reach.csv

Ransomware-REvil-Kaseya.csv

Add files via upload

Jul 5, 2021

25e94dd · Jul 5, 2021

1	Indicator_type	Data	Note
2	file_path_name	C:\windows\cert.exe	Copied CERTUTIL
3	file_path_name	C:\windows\msmpeng.exe	Outdated Defender executable vulnerable to DLL sideload
4	sha256	33bc14d231a4afaa18f06513766d5f69d8b88f1e697cd127d24fb4b72ad44c7a	Outdated Defender executable vulnerable to DLL sideload
5	file_path_name	C:\kworking\agent.crt	Revil dropper used in Kaseya exploit
6	sha256	d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1	Revil dropper used in Kaseya exploit
7	file_path_name	C:\windows\mpsvc.dll	Revil ransomware DLL
8	sha256	8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd	Revil ransomware DLL
9	domain	ncuccr.org
10	domain	1team.es
11	domain	4net.guru
12	domain	35-40konkatsu.net
13	domain	123vrachi.ru
14	domain	4youbeautysalon.com
15	domain	12starhd.online
16	domain	101gowrie.com
17	domain	8449nohate.org
18	domain	1kbk.com.ua
19	domain	365questions.org
20	domain	321play.com.hk
21	domain	candyhouseusa.com
22	domain	andersongilmour.co.uk
23	domain	facettenreich27.de
24	domain	blgr.be
25	domain	fannmedias.com
26	domain	southeasternacademyofprosthodontics.org
27	domain	filmstreamingvfcomplet.be
28	domain	smartypractice.com
29	domain	tanzschule-kieber.de
30	domain	iqbalscientific.com
31	domain	pasvenska.se
32	domain	cursosgratuitosnainternet.com
33	domain	bierensgebakkramen.nl
34	domain	c2e-poitiers.com
35	domain	gonzalezfornes.es
36	domain	tonelektro.nl
37	domain	milestoneshows.com
38	domain	blossombeyond50.com
39	domain	thomasvicino.com
40	domain	kaotikkustomz.com
41	domain	mindpackstudios.com
42	domain	faroairporttransfers.net
43	domain	daklesa.de
44	domain	bxdf.info
45	domain	simoneblum.de
46	domain	gmto.fr
47	domain	cerebralforce.net
48	domain	myhostcloud.com
49	domain	fotoscondron.com
50	domain	sw1m.ru
51	domain	homng.net