DateAdded,FirstSeen,IoC,Type,TLP,Release,Category,MalwareFamily,SHA1,MD5,Filename,C2Domain
5/28/2021,5/25/2021,https://r20.rs6.net/tn.jsp?,Url,White,May 21 Midnight Blizzard Indicators,Email Url; note this is simply the Constant Contact redirector URL. The URL redirected to is actor controlled.,,,,,https://usaid.theyardservice.com/d/