Indicator_type,Data,Note
file_path_name,C:\windows\cert.exe,Copied CERTUTIL
file_path_name,C:\windows\msmpeng.exe,Outdated Defender executable vulnerable to DLL sideload
sha256,33bc14d231a4afaa18f06513766d5f69d8b88f1e697cd127d24fb4b72ad44c7a,Outdated Defender executable vulnerable to DLL sideload
file_path_name,C:\kworking\agent.crt,Revil dropper used in Kaseya exploit
sha256,d55f983c994caa160ec63a59f6b4250fe67fb3e8c43a388aec60a4a6978e9f1,Revil dropper used in Kaseya exploit
file_path_name,C:\windows\mpsvc.dll,Revil ransomware DLL
sha256,8dd620d9aeb35960bb766458c8890ede987c33d239cf730f93fe49d90ae759dd,Revil ransomware DLL
domain,ncuccr.org,
domain,1team.es,
domain,4net.guru,
domain,35-40konkatsu.net,
domain,123vrachi.ru,
domain,4youbeautysalon.com,
domain,12starhd.online,
domain,101gowrie.com,
domain,8449nohate.org,
domain,1kbk.com.ua,
domain,365questions.org,
domain,321play.com.hk,
domain,candyhouseusa.com,
domain,andersongilmour.co.uk,
domain,facettenreich27.de,
domain,blgr.be,
domain,fannmedias.com,
domain,southeasternacademyofprosthodontics.org,
domain,filmstreamingvfcomplet.be,
domain,smartypractice.com,
domain,tanzschule-kieber.de,
domain,iqbalscientific.com,
domain,pasvenska.se,
domain,cursosgratuitosnainternet.com,
domain,bierensgebakkramen.nl,
domain,c2e-poitiers.com,
domain,gonzalezfornes.es,
domain,tonelektro.nl,
domain,milestoneshows.com,
domain,blossombeyond50.com,
domain,thomasvicino.com,
domain,kaotikkustomz.com,
domain,mindpackstudios.com,
domain,faroairporttransfers.net,
domain,daklesa.de,
domain,bxdf.info,
domain,simoneblum.de,
domain,gmto.fr,
domain,cerebralforce.net,
domain,myhostcloud.com,
domain,fotoscondron.com,
domain,sw1m.ru,
domain,homng.net,