Monday, 22 February 2016

McAfee Labs Threat Advisory Published Ransomware-Locky | Check Your Systems Indicators of Compromise (IOC)

Indicators of Compromise (IOC) 

The following indicators can be used to identify potentially infected machines in an automated way.

We assume the user's machine to be infected in either of the following cases.
If the following registry keys have been added to the system:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Locky" = "%TEMP%\.exe"

• HKEY_CURRENT_USER\Software\Locky "id" = <Personal Identification ID> "pubkey" = "paytext" = "completed" = "0x1" [This value will be added after completion of encryption]

If there is any network traffic to the IP addresses or domains listed below:

• 95.181.171.58
• 185.14.30.97
• 195.22.28.196
• 195.22.28.198
• pvwinlrmwvccuo.eu
• cgavqeodnop.it
• kqlxtqptsmys.in
• wblejsfob.pw
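
Both registry indicators sit under HKEY_CURRENT_USER, so a check run from an administrative or service account has to look at each loaded user hive under HKEY_USERS\<SID> instead. The following Python example is added here and is not part of the McAfee advisory: it scans a text export of HKEY_USERS for the two keys above and reports, per SID, whether encryption has already completed. The sample export, the SIDs, the `example.exe` file name and all value data are constructed.

```python
import re

# Key paths and value names come from the advisory; matching is case-insensitive.
RUN_KEY = r"software\microsoft\windows\currentversion\run"
LOCKY_KEY = r"software\locky"
SECTION = re.compile(r"^\[HKEY_USERS\\([^\\\]]+)\\(.+)\]$", re.I)
VALUE = re.compile(r'^"([^"]+)"=')

def scan_reg_export(text):
    """Return {sid: set of findings} for a decoded .reg export of HKEY_USERS."""
    findings = {}
    sid = subkey = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            sid, subkey = m.group(1), m.group(2).lower()
            if subkey == LOCKY_KEY:
                findings.setdefault(sid, set()).add("locky_key")
            continue
        if line.startswith("["):  # a key that is not HKEY_USERS\<SID>\<subkey>
            sid = subkey = None
            continue
        m = VALUE.match(line)
        if not m or sid is None:
            continue
        name = m.group(1).lower()
        if subkey == RUN_KEY and name == "locky":
            findings.setdefault(sid, set()).add("run_persistence")
        elif subkey == LOCKY_KEY and name == "completed":
            # Per the advisory, this value appears only once encryption has finished.
            findings.setdefault(sid, set()).add("encryption_completed")
    return findings

# Constructed sample export: SIDs, paths and value data are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_USERS\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"

[HKEY_USERS\S-1-5-21-1111-2222-3333-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Locky"="C:\\Users\\bob\\AppData\\Local\\Temp\\example.exe"

[HKEY_USERS\S-1-5-21-1111-2222-3333-1002\Software\Locky]
"id"="CONSTRUCTED-ID"
"completed"=dword:00000001

[HKEY_USERS\S-1-5-21-1111-2222-3333-1003\Software\Locky]
"id"="CONSTRUCTED-ID-2"
'''
```

On a live host the input would come from `reg export HKU <file>`, which writes UTF-16 text that must be decoded before it is passed to `scan_reg_export`; only hives of currently loaded profiles appear there.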

This entry is for informational purposes only. If you want to read the full report, you should visit here.
