-
Notifications
You must be signed in to change notification settings - Fork 151
/
Copy pathNetwalker_IOCs.text
76 lines (76 loc) · 4.75 KB
/
Netwalker_IOCs.text
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
Netwalker Ransomware Investigation
86c54f746b7af0ffaa40444e44b4dfd8e2d598bb31ad932cc2fb1ac1c83237ce
ac0882d87027ac22fc79cfe2d55d9a9d097d0f8eb425cf182de1b872080930ec
868cb8251a245c416cd92fcbd3e30aa7b7ca7c271760fa120d2435fd3bf2fde9
ce399a2d07c0851164bd8cc9e940b84b88c43ef564846ca654df4abf36c278e6
44b5d24e5e8fd8e8ee7141f970f76a13c89dd26c44b336dc9d6b61fda3abf335
bd3fdf1b50911d537a97cb93db13f2b4026f109ed23a393f262621faed81dae1
411c3b13f7935bc7642b8bd7753fdf50f5b00c050c1414b20d6fbf9ebb073611
d260f6a8b523a3b17795957a7b3625603aa450f6ba89f22c27ff8f9837dd3da4
9c89c03cef93d810da1634de6e75e300a6857d7bed8b342347e708b5942131d8
b1abe68ddfd5feb30f54e7057f502d1b0c25d51ab60b9080c3095484fceaf800
5ab553e17a69c5f99b5972cb892efde0c2debb52cd8bad2565140d4dc758b411
47cb08d1f13248e7773026aa1f13e64d74bdefb1a09cbc9648be2a1e52eb5f5f
201e13de7dab5ebba8d1f81e2a9b3f2cb646b7a3666f6310c6eb290caa6b441d
e32fa4eea0706e452853c1e9e309aeecf59e2da8bb065c20bbb0599cdcf9e0cd
853fa18adc3f9263a0f98a9a257dd70d7e1aee0545ab47a114f44506482bd188
8587037c15463d10a17094ef8fa9f608cc20c99fa0206ce496b412f8c7f4a1b8
346fdff8d24cbb7ebd56f60933beca37a4437b5e1eb6e64f7ab21d48c862b5b7
6d39928b82cb484053f841db90638a2341243fd717118d9118fba8681f35c9bd
58e923ff158fb5aecd293b7a0e0d305296110b83c6e270786edcc4fea1c8404c
416556c9f085ae56e13f32d7c8c99f03efc6974b2897070f46ef5f9736443e8e
8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160
9f9027b5db5c408ee43ef2a7c7dd1aecbdb244ef6b16d9aafb599e8c40368967
887a1b7d4dd3f879cd256eefd404f3e6ecf77a29acf90fac256d8c37047783eb
f69fb7049f7a75f75c3a6bba86741b8ccdd28dbf7fe65bc0c7700c3905447512
fdcee5f06efca24ade6e8d8b2872b5ba233ea8ccb212a9ce4f7d96703b2d22b3
00a0f724cf9c3dcde118897a9fd74300faba3ef33aa55b6d5531a606ced45b24
de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d
78c4474254c121f4d28fba22337b473efbe55a2cf6b6b90031fa91d5d303fbc2
0aec48e5d0f4fa5f4f4de0564a249d65c399f94f14149f3a19b3d0dc66c64e75
a1115fa0c74f51d35063f8d3caf1d49156ab78872c3723d5e585a4ee8e4f8370
99c539f6cf1b935d199c27308a77040d262aa31cfe9986ca43ddfa44373971fd
c414bbb789af8e3fb93b33344b31f1991582ec0f06558b29a3178d2b02465c72
f5f280b2556b4ec86e68bc4e69eb5eb461f225e1444a87719a9cbe68ecbf327f
e30d05302c9c9aaad111e92dcbe8bdc999ce7c7d2066a6e3abef2d7263da672f
2a66e29d91a95815eff1e0ed164b916ae3c195e64b32eae59300963fbf3116d9
15a4cd4a7baca3961fb0113164434c535af85cedd54744e14a4d4d7b106dd060
d15fc14d79d7687f6f10ac6ba03f8e661bd1705332d4a7fc173f828944209f12
03e5fb84d3de926cba0734000889229bd504f2e8a1143324c5651eaad22d8978
27c44e526a84740441ccb55994b9a16baef7d6a410a7131c3b5386e3ab4851ee
6b386c177ed93e0a4d9760c32a78b924ec62368053731e4767b3dd3a004109d1
f2c7caff68c1a8a2a3358d1f140398d93dd3771f6839ea2c87e392a9be21ff96
b558df5a814c3b27fd47f20c728f405d7d52b86a6a3c102aea63c40a3cc3553b
d707b9686abf083186c1f7a365c3cde9ff34e66ea3ec3ee84b142fb5ebae9944
b1592bcfc8776d669cefda5db963a5a851350ffb35f6d187211ec900a1734043
adf29a219ba2d948dd856ee7abaa51babaa30e11ad3ca56b58e66336c3c2369f
d2dd95ab8754841524a840a32441f1c9ff0a1d83a42e7d6540c3265c0ae307e5
f7fac3c047714d6e7c00b227d5f970311437b0c0efc2c8fee23903650360d3cb
29e8a24e07ecf0d38a5281a01ef78448d4897fc00776aa4f2190f73f44c5e217
Vssadmin.exe delete shadows/all/quiet
HKCU\Software\Microsoft\Windows\Currentversion\Run
fd29001b8b635e6c51270788bab7af0bb5adba6917c278b93161cfc2bc7bd6ae
b0d409532c5b14c09fa6f27e733201964b5bdd00acf0a82dca2941ed4b06b167
8b2a15347d683debc4c44749a4833e4e5dae0569a3184bc0cef8bfb91740061f
c37bb1a33b0f78c948799c909e3b09c5e938b78162dc9960b1198979479ca5c4
8d06dfaccbc7f1d5d4c71285a3c06e456a807de692a3362a85bafcaad48aff8d
06a480f56065dfc50352328c7f9667b897363380583b5d4277325584fb0fc1b9
89488a0673811d048b9dd09a6162d52ab26e501fc2836a3c8dc8f8e70c7c7ad5
360f99072aa156d7d719b2f76f5549b377386a37e4e8f035c46f4089bb14411b
2d0703d3a66da453cc52716f0f80f59707bade8791d47c399095103d47794555
bf26a23c371bd59971145a347e599c63e39d5ce8de1f956710a7c33156d58f2c
07545705bcc5c18473161685d7faed02d87602d0ffbd14067b9fd2b8832ec2fa
0655e42dae757a50320dc586bff58991111d9c7812fe3b5d904ead673106ce12
56c419b8813677e6531286bc70cfe951ccd52aad8fbf802305e707763f6cfaf9
ce914e4fa255cd22c5df2a78018b2b02004dd977ad60f65a6cb0ce1c1925a58a
1d05c8d6073166ebe10b07bc5b654446264e2b3771d846a2ff403be6ab45680a
00350a15bd59f4ec08d1c936245c6574c74f512d4806a90d18c851e665de103c
f5f20a062fc90859acb3050171283acf68ffb18310c2be0a551521f971bbe0c2
711e54608c1831a9eec0d16d72a5059218137eade1d3b0561d2f0f9103694f3f
0ac859c6348a2b53abfd8601328221af5bfa9a006cbd686bd94e82ccb7670698
83fa7935ce54711975235abcc6019b8b6b5ef215bf9a6c3270b1401d41324f69
95752d620068078e0a22a4a0b0a8b575a849bfce96d66c89c50fc9c397cbe263
76549c54eb890cc6bb1d6f506f0175a4c9cfdfd78a5814993ed8a3ad4f20d344
b41d1f7ed0844740863f2cfcf294e8f3786759c5da2a4e5fbe8be57669eed01c
fd2b69ce65835fa2e5a92fac728497cc9a5ad54b93db84b775ede54d9626e20f
39aa0c5b0ef0dbd5bb57f76ed0a159a119876e9f7247d7c7c65b8500a75e8c4c