From 88970de50fda53e13057abc520099f6c0dec6528 Mon Sep 17 00:00:00 2001
From: blackorbird <137812951@qq.com>
Date: Fri, 20 Sep 2019 12:23:04 +0800
Subject: [PATCH] Update README.MD

---
 Blacktech/README.MD | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/Blacktech/README.MD b/Blacktech/README.MD
index 1bb9c23..e8e9342 100644
--- a/Blacktech/README.MD
+++ b/Blacktech/README.MD
@@ -1,3 +1,19 @@
 
 report：
 https://blogs.jpcert.or.jp/en/2019/09/tscookie-loader.html
+
+
+IOC
+
+/index?o=E7E168C4EC82E
+/news?%c=%X%X
+/index?%c=%X%X
+/?id=%X%X
+/Default.aspx?%c=%X%X
+/m%u.jsp?m=%d
+/N%u.jsp?m=%d
+
+C:\Windows
+C:\ProgramData\Microsoft
+C:\Users\Public\Documents
+C:\Program Files\Internet Explorer