diff --git a/IOCs/README b/IOCs/README
new file mode 100644
index 00000000000..01a7cc29756
--- /dev/null
+++ b/IOCs/README
@@ -0,0 +1 @@
+Lists of indicators of compromise
diff --git a/IOCs/kaspersky_careto_C2.txt b/IOCs/kaspersky_careto_C2.txt
new file mode 100644
index 00000000000..74ad8c5675f
--- /dev/null
+++ b/IOCs/kaspersky_careto_C2.txt
@@ -0,0 +1,17 @@
+190.10.9.209
+190.105.232.46
+196.40.84.94
+200.122.160.25
+202.150.211.102
+202.150.214.50
+202.75.56.123
+202.75.56.231
+202.75.58.153
+210.48.153.236
+223.25.232.161
+37.235.63.127
+75.126.146.114
+81.0.233.15
+82.208.40.11
+62.149.227.3
+75.126.146.114
diff --git a/IOCs/kaspersky_careto_domains.txt b/IOCs/kaspersky_careto_domains.txt
new file mode 100644
index 00000000000..aee5a8627a4
--- /dev/null
+++ b/IOCs/kaspersky_careto_domains.txt
@@ -0,0 +1,26 @@
+nthost.shacknet.nu
+tunga.homedns.org
+prosoccer1.dyndns.info
+prosoccer2.dyndns.info
+nav1002.ath.cx
+pininfarina.dynalias.com
+wqq.dyndns.org
+pl400.dyndns.org
+services.serveftp.org
+sv.serveftp.org
+cherry1962.dyndns.org
+carrus.gotdns.com
+ricush.ath.cx
+takami.podzone.net
+dfup.selfip.org
+wwnav.selfip.net
+fast8.homeftp.org
+ctronlinenews.dyndns.tv
+mango66.dyndns.org
+gx5639.dyndns.tv
+services.serveftp.org
+*.redirserver.net
+*.swupdt.com
+*.msupdt.com
+*.appleupdt.com
+*.linkconf.net
diff --git a/IOCs/kaspersky_careto_files.txt b/IOCs/kaspersky_careto_files.txt
new file mode 100644
index 00000000000..b7b17c5ff10
--- /dev/null
+++ b/IOCs/kaspersky_careto_files.txt
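Review bot: `75.126.146.114` is listed twice in kaspersky_careto_C2.txt (the 13th and the last added line), so the file should be deduplicated before it is fed to a blocklist or SIEM lookup. The list is also not in any order (`37.235.63.127` and `62.149.227.3` sit after the 2xx addresses), which is how the duplicate slipped in; sorting the entries by numeric octet would make repeats visible on review. A one-line header comment in IOCs/README stating that each file holds one indicator per line and no duplicates would set the expectation for later additions.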
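Review bot: `services.serveftp.org` appears twice in kaspersky_careto_domains.txt (the 9th and 21st added lines) and should be removed once. The last five entries (`*.redirserver.net` through `*.linkconf.net`) use a wildcard pattern while the rest are literal hostnames; a consumer that reads the file as one exact hostname per line will treat the `*.` literally and never match, so the convention should be stated in IOCs/README or the wildcard entries kept in their own file. Most of the literal entries are hostnames under shared dynamic-DNS services (dyndns.org, ath.cx, serveftp.org and similar), so these names are presumably reassignable and should be matched on the full hostname only, never on the parent zone; an "as of" date for the list would help consumers judge their age.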
@@ -0,0 +1,47 @@
+%system%\objframe.dll
+%system%\shlink32.dll
+%system%\shlink64.dll
+cdllait32.dll
+cdllait64.dll
+cdlluninstallws32.dll
+cdlluninstallws64.dll
+cdlluninstallsgh32.dll
+cdlluninstallsgh64.dll
+%system%\c_50225.nls
+%system%\c_50227.nls
+%system%\c_50229.nls
+%system%\c_51932.nls
+%system%\c_51936.nls
+%system%\c_51949.nls
+%system%\c_51950.nls
+%system%\c_57002.nls
+%system%\c_57006.nls
+%system%\c_57008.nls
+%system%\c_57010.nls
+%system%\cdgext32.dll
+%system%\cfgbkmgrs.dll
+%system%\cfgmgr64.dll
+%system%\comsvrpcs.dll
+%system%\d3dx8_20.dll
+%system%\dllcomm.dll
+%system%\drivers\wmimgr.sys
+%system%\drvinfo.bin
+%system%\FCache.bin
+%system%\FFExtendedCommand.dll
+%system%\gpktcsp32.dll
+%system%\HPQueue.bin
+%system%\LPQueue.bin
+%system%\mdwmnsp.dll
+%system%\rpcdist.dll
+%system%\scsvrft.dll
+%system%\sdptbw.dll
+%system%\slbkbw.dll
+%system%\skypeie6plugin.dll
+%system%\wmspdmgr.dll
+%temp%\~DF01AC74D8BE15EE01.tmp
+%temp%\~DF23BF45A473C42B56.tmp
+%temp%\~DFA0528CD81300F372.tmp
+%temp%\~DF8471938479DA49221.tmp
+%appdata%\microsoft\c_27803.nls
+%appdata%\microsoft\objframe.dll
+%appdata%\microsoft\shmgr.dll
diff --git a/IOCs/kaspersky_careto_registry.txt b/IOCs/kaspersky_careto_registry.txt
new file mode 100644
index 00000000000..c03e88fd023
--- /dev/null
+++ b/IOCs/kaspersky_careto_registry.txt
@@ -0,0 +1 @@
+[HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32]
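Review bot: The entries in kaspersky_careto_files.txt mix two forms without saying so: most carry a `%system%`, `%temp%` or `%appdata%` prefix, while the `cdllait32.dll` through `cdlluninstallsgh64.dll` group (added lines 4 to 9) are bare filenames, so a consumer cannot tell whether those six are to be matched by name anywhere or were simply recorded without a path. The placeholder tokens are not defined anywhere in the commit; a line in IOCs/README such as `%system% = the Windows system directory, %temp% and %appdata% = the per-user directories of the same name` would fix that. Several names (`c_50225.nls` and the other `c_*.nls` entries, `d3dx8_20.dll`) appear to resemble standard Windows component filenames, so matching on path and name alone is likely to be noisy; if the source report supplies file hashes, recording them next to each path would make the indicator usable for exact matching.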
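Review bot: kaspersky_careto_registry.txt records only the 64-bit view of the CLSID key; the files list in this commit pairs 32- and 64-bit DLLs (`shlink32.dll`/`shlink64.dll`), so on 64-bit hosts a 32-bit in-process server presumably registers under the `Wow6432Node\CLSID` path as well, and a detection that looks only at the listed path would miss it. The file also gives the key name but not the `InprocServer32` default value, which is the DLL path the key loads and the part that identifies the implant; if the source report states that value, adding it as a second line would make the indicator checkable.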