{"Win.Dropper.Kuluoz-9791754-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-compound-cta-activity", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": []}, {"bi": "malware-kuluoz-mutex", "hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kuluoz, sometimes known as \"Asprox,\" is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.", "hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "2b52f233837843fd2f9ac91dfd12fac14024341afe3b4aee42257521f5cc7013", "2d8a143e5d35c1efae0151a870e3e85bc13bdd6e4b741053466ed670160b6781", "2ebdcaa67d1655c6f1a8dfc052e1e7b5e2e86a1aa943ee0e22582cf5be733062", "2eeb6059aa5e4a07ace2aea9ae5889d82823cd603da3a381ca2b78fb7a50b6b4", "33c563988b55322fd41841310c7692ff3e60ef1bb8952e11024c6bef6860d21b", "345365550c1d7d34ee37bcb603ad10187cf50a714d05c2828c1b300a82671e08", "38d021c854e019736821337ff7cd39172455caf6912d4a389a5e75f58fe3a814", "4381db62870005b5cbea03abbdd8797e977641471414d418ef5166f66905f881", "4c44f1310861ac36cd30bd52f72c833071781a9553711e59b3b9c499ec8d2036", "4e33729c88fb0da81f502494e917e35d42fb9675da8096e84440ac57de71744f", "4f9d1269126173546f84895366afabcf8274825bb7a5f4f3abdf1fb46755ca00", "5169eceeb9add75da0c76330c099494f4ccb00ff72f2b24db0d731d04068dfb5", "537dda1f521fdb8694e6154f26e832698c5f77eba85f92855b2c42316d4446cb", "5762bbc90ee01e62ed4a988fb04640239916d4fae723c28a84e47f6683e2b2d7", "5deeb448c398170052725e287407192e8827a05e942ef866a651516daa35fb04", "5e3038da3133d847606836d950ffee64bb4f6934f7f4acf670774423d8261d6f", "616dada1b69a1f95bf939ec9f8e110734da466455373eb08ef8f2b8c4c974f8d", "62bba63a499dd39d1a98da7d9cf26854d6ccb3666af475e0cbcdc326ee82ec29", "62d5454c9196174b7c74962439e010f0a286ff8d0bb8eb802c6cd07e4a1d29d4", "6416b475b1a180fa286395d61bbd394867e687799887f40cb8dcafe73df85883", "6437da7ad325c3f165813e568c96413554b7ff47ef630fc88ef2cef10b4b0f00", "64fa016e0036f09f5334881e85f4b85c07347adcd647285b168d1ef9336713ab", "650d50168de29913fdfecbcf955aa85f31fdbcf72be55924aea2e3d7968e6ede", "6551f008b627712144037434d3b0c096260614af01ad19b6b7a656bf1e986151", "668c7724eee20a5fd63304abf76b7df9960f74964b5e2b9566b9dea70d57b13b", "669f95db3f0eee8f843a6019f78c2e6bb4776a5d4bcb073614fff302e1e1482e", "672bc0c800e40b74d93069a65d2ccb0fdb87f47aa8801a6462f3aec4eaae59ab", "687e61e8c58fb63d101bace39d52cb2b3053e423e57b5fe1de71aba09b3825ce", "689b0346acc4dc2ed9e48b97df09cb60eadd158822146e03bd052590fb1258f1", "6a1139c14fcf06d5fdc310dadbf751ab5cbed696ea3a99a5939b1cb5af1240f0", "6c947a705428a36efbe981f8ab75ad9a7e7b791594de81fa606569a4af99c389", "6f6a6dd4a60facd2822fb952e213c8dc1d026f3713789bda11128b41040e3b4f", "6f86325cac778d028e9332060c7cdc4662272999fbf68b5535a5dea63139a695", "6fb85b1ad3fcc9428cc32206acfa835923ce013b55f7112647a8f74a318430cb", "6fbad5a5f1f3b44797dad13187ce882642a80265a1fe2a77ec2b486aa10d799b", "7146b418bd67c1d83f94cf1bdffadea1defef9377a73b488aa3b75559a81fbe0", "7428bed2e0a67a06bf28ec9a777139887a5dc3613dd04ae39bfa7df546c44f35", "78f59a61c3a7f3d15399ada51e117bd154fd7eea6647ae9dabc0e9ef56df8305", "7c10cfc8d61e1694df03cb7f7893915824236e06e4fd4cb43c98b147912112ad", "7c36b509b171966b953e375b7cc6eb7338d41b76aa5a9519b1fba18bcfb4b9fe", "7d43a65a1952f7faf55c6c915a3ef1fb86c4ea5d5d2c3d071efe7253ca4ba1ec", "813c973f489c6a6b27b0e686b95c96cfc66b89bd7f6a9511a5be39d5cd383617", "84f8fa484c62183c9385a5976499a5853c5ee1a45332ee13ab8f1d19e2328242", "87b136ddba82e0e5257a93e88e51c3e73b1fff7fb98bc39251f8efacac6c56d8", "88fabdc0eb78e3789afdda1420059ae7605bcbb88e5e0d8b67aaa3a4ff87ac67", "909c00499c95cf4ffe3f17b9a0c6dab187db88c09918d461ac101f524418d826", "93ab3c3beb2f863c76d595ebaf402b561355e759220b35d803564e494c924dd6", "98914d61bcdc371103134de37811276c02cb89efe0ced4826c3ca6da529127dd", "9c294311f6cb5ea18eecef5d7b375ba73066b69a15e9a68066d65b0ba1b08908", "a0de1a05e0c2ba535545c2dbaeafbf2ddb03417c40fa974dc8f85943c248afef", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95", "a66a4595638fb5b53185137ba9f57e4f41dccd5761e77eec9d0212897641fd7f", "a75db0df1b01c6a9c70347feda1b3f2d2d1959c53f06d1a7de47663102065b8c", "a875e3f50942b10d5455150ba0afaa4839d3d80e2924ded57e88e4d06e4771af", "a99c04f4f68337518d6eba8189f21d06c5fa8aea015af65d6d4fb180cbc7d742", "a9b98faf11ca4fa35ae3e85fa3e96904229dbbc7db20e7aa886f3645f90e268b", "ab12e75ca39e5e0ec54f44f55de9110cae7d9fe0c15896ee55a7eae368a67140", "b3bed4953f278dab56eee1b394e61cb6ff9cdf17d5d956a9353e803cb493b6dc", "b4430410916e4bd01a7b2709f786a3ee64c1d148594cbd5ac578c54a9889a654", "b852decbcfe8d1e354216cea9481c89946fc66e372bc8f8f767a0561fdc9b054", "b8b2752d17f713792e3f0b99b413acef2e3cf7563eda5ebc0000a7e988463e2e", "bace5476b2305a230ede79a34806fa5ef05ab093ae613b0a07800eee1c09ce55", "bbc21ed2c74dd5f158c73f34fe098eeac808d7b113f27808474637020b67ceb5", "bf146535ca2bd44ec768b20cd74051b79ab3f4cfe9345b9174c7811c117ba722", "c113766f3accb6e67a5c5cfbf46c3187c5df1fca3ae6d67e78268ef1712f4b93", "c24f202a32bd04b887c0497c22ec9f60ff2b4cfe2cf51919f74860dda59573e0", "c25e51a57a6e37de688cd2f89a1339e143af131f63bd4e23c3ff1c53578a6c91", "c2ae5952b88a2f4d82ba76062cf88240ec660a0609c377a8d92454d359c3d2ca", "c36e40354f699d6c32096a81c3473b2e6a89276e114e5d371d84f145a93ad681", "c5b3c04cc5f24abd8c0b061dfb1169b31e07bb6580a1a73c4a5aac01e9e00467", "c7d4b3630eddaabf64cbedbd750fa3ab0903339b88dda71d984c5877c2fccf48", "ca47c4b817209dc8ba554fc0025213c9e016ed3fd19d7c25f8ccc6b63f8bc614", "cbd90a0ea1c26c53dc08963fe4ee8b8808094ea588ff373ed90d010c9eb0d7f1", "cc7fd2fef8a9aabe9b77e8ce94b7ed44404554e6c13af6eb8c38fd800b567fab", "cca80bc9ceb5345173a0422d9ee3f864442e6e53cbee587879e4239a63651873", "cdb7270c85a3ed19f73f435b9451fb5a4de0375a00eae14686c5bc8ed14c0648", "cfc0ddc9a46bc6bbd6248741f397e6887aed00468b1644735b77119899a7c6cf", "cfe9768f763c4b48361cbbdff292376fe2e382417a0c79901592fd4bbda3775c", "d02026c904d1f8907d012aa28277d76b3704c030c42de36dc2cd1a409b5421e9", "d0ce7e9ed2ec283bfc375239ce56e849c660a73f91371bb32bc969aaa891bb72", "d329f6d1e2e9ff4d9e8218073731100f799c70d4967ae2cb2cbad0220efdd20d", "d8b3e9b1bd229fc6a30ef6285a5ec694ecd5f838777f036f94df0750053c8d3d", "d97dd8ad345396242aedc3428a439a5ffaa66d0bf1bc6c328e8bb5c69db39a42", "daae0659f9a117da625e48fca025fafb1fd1490102200c42d0403a19f0086500", "daea0939225138117b7147dde6c321dc5485c8424567719579bef01435e47a4e", "dd6bf13516dd80e85d5decfb1bb88e8e13745562a4dc51e154ebdd3ae3bae0b0", "de12136af280c6323b4da8ce79b178b08b3675f302172a5da26b17e35fcf7337", "de72145af7e51f24ee5d2b3da2850eb0b27eab52e70ee54504b6224c4bc0ab04", "e030fc530061d59d187e4d69e320dd1d9522983bd56406dfb64632c7cbfea513", "e18289f866208d99bedcff4329a638efe24d58950121e32221b415eb093ef71f", "e45be00d19818189f2fca64882ebce7968fe3f4296b07d3443f802bfe5cdfd33", "ec172f8c579761a752cf0e6d3f40d2d3f64e6e099c6449313a41035def22a462", "edf86d0dae7be0ea128dcb0df4d461cf91849209058efd2fa2db25da93dadb49", "f0d74891db0636cc0f4c705ee188267cba4c6ca7b9833d95a99b446dc91669ae", "f312fe270f9d4480d7684cdd16012a920d082755d9ef369c8210ef777f5dac2f", "f51f3f5ae36d56ae0a928b63c4bab58ef36ea4f9a2c70a3f110c55a726e32370", "f520aaf43ee47370557c63e64f1efa41b4686877f0ceaa83493c03dcdc5fe448", "f87db365cc21f0b255c2a0c43682adf886cb5e934313cab86950ce3a4596d04e", "f91233fe89383b6f3f0bfd37cd4d29d1aa712f812ab8cc50745f44698ffa165e", "fa677f9dd9e9449fe1deae522637358e865bc3b73ad7781c4d5e1f08cf1b7a2a", "fb6a77adf1b55231a2956a4082008ff05b36452b6ad99c6de315ee8e7e8889d6", "fbe93f3b6064edbbc5d4f23faa4ffe942b8816dda50bedf490b2c65ad6c51fc6", "fc181c1f555119f77ff379ec93e26c9996df6392c98634df7c42b5521ff938b5"], "iocs": {"domain": [], "file": [{"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "path": "%LOCALAPPDATA%\\<random, matching '[a-z]{8}'>.exe"}], "ip": [{"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "ip": "130[.]60[.]202[.]71"}, {"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "ip": "5[.]249[.]139[.]132"}, {"hashes": ["025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "ip": "69[.]64[.]36[.]244"}, {"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470"], "ip": "16[.]156[.]201[.]237"}, {"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "ip": "5[.]175[.]166[.]35"}, {"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "ip": "85[.]12[.]29[.]251"}, {"hashes": ["0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470"], "ip": "110[.]77[.]220[.]66"}, {"hashes": ["025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "ip": "198[.]57[.]165[.]46"}], "mutex": [{"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "name": "aaAdministrator"}, {"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "name": "abAdministrator"}], "registry": [{"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be", "025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569", "0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569", "07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e", "0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8", "0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d", "0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5", "12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092", "15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8", "1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700", "1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6", "1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09", "1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba", "22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75", "25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77", "26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7", "2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c", "29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470", "2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125", "a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "key": "<HKCU>\\SOFTWARE\\<random, matching '[a-zA-Z0-9]{5,9}'>", "value_name": null}, {"hashes": ["0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "key": "<HKCU>\\SOFTWARE\\LJHTFCNR", "value_name": "dhwucukt"}, {"hashes": ["0ff3dab1766af10bdfeba17efd54a173d2782a5e95a6fd500e66fc8b245caa48", "1a28d22469b8775f7967d057c5bce86486c335874848c5bcc0c53b7d1befbb83", "22d8acdb92968d7923d4de1497b15c6996c37494631f7823023035ece3b6fd75"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fqgfwbsp"}, {"hashes": ["0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8"], "key": "<HKCU>\\SOFTWARE\\RDIBFLGD", "value_name": "tptpmlvu"}, {"hashes": ["0316a60c065edc2ea7aa83e9ae604910ff81fb62029db54a2aae66db676ea05c", "178034886bedbea5278857f16a9d315be5c7ff9133b8601e782f201c8332fec8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hqlpxgip"}, {"hashes": ["a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "key": "<HKCU>\\SOFTWARE\\RFPNSTHW", "value_name": "mrvrrvei"}, {"hashes": ["a4215f588a6faab183a4faf84c70f3bfaae6a3bbffbb665428c74a4fde661a95"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "njcelksc"}, {"hashes": ["07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e"], "key": "<HKCU>\\SOFTWARE\\SABHCWOL", "value_name": "ikvpbrea"}, {"hashes": ["07e3fa597c9ae0edff495134f4124b5e83a5b40b0c123e755175f69d2eb26a7e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "efukhihs"}, {"hashes": ["1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700"], "key": "<HKCU>\\SOFTWARE\\KNKMASGL", "value_name": "unvndjfo"}, {"hashes": ["26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7"], "key": "<HKCU>\\SOFTWARE\\EKTCABSE", "value_name": "wxnvcnos"}, {"hashes": ["26cd915a0e732704b90de3315356ec5473b79df8523817086257e9efc355a8d7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "lujqtbin"}, {"hashes": ["1b88af4b43762b6a8396e38393219d37fc6025cd10c63cdba6ef606946a54700"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tuadafle"}, {"hashes": ["2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c"], "key": "<HKCU>\\SOFTWARE\\WMXHUOBW", "value_name": "pwqaoveb"}, {"hashes": ["2916fdb8c4628cbb9ec5f1e92df22cc275cd806f8a6335b1c76b4b4a3c36f06c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rfvjtqro"}, {"hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba"], "key": "<HKCU>\\SOFTWARE\\XJJDLCWW", "value_name": "xnffcgsq"}, {"hashes": ["1f900859bb44152b05fa1f1d61d31fcdfaa9751830bb99702028be33aab1a1ba"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "qberplug"}, {"hashes": ["12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092"], "key": "<HKCU>\\SOFTWARE\\RTFOELRR", "value_name": "jwqogfou"}, {"hashes": ["29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470"], "key": "<HKCU>\\SOFTWARE\\EFCGURQI", "value_name": "bwxpjjan"}, {"hashes": ["12d46192f1c424e1b67ff4fedbf4c6fa3fa8db10f63e594661b26375e570b092"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "exlkscqa"}, {"hashes": ["107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5"], "key": "<HKCU>\\SOFTWARE\\JOQPBVDH", "value_name": "agqfeehb"}, {"hashes": ["29c0e53be2aa94d89184ac8bd6508ce4b62f3cc32d73f31febb3a40c352c5470"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ditdkksa"}, {"hashes": ["107cb9fdbc3a73ffb1a45dfda0be686754330c502fb06ce78b83bf120c76b8d5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hqxdfeff"}, {"hashes": ["059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569"], "key": "<HKCU>\\SOFTWARE\\WALMTWQU", "value_name": "ktkftafd"}, {"hashes": ["059eeed1e6b058b4a43b162f8f244c812b5b2a65066db5c0c41be8046c6e3569"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "olgicsmm"}, {"hashes": ["1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a"], "key": "<HKCU>\\SOFTWARE\\FIEUNXGH", "value_name": "jphehhpp"}, {"hashes": ["1a0dd7a5ea590b06adf5bb66b5721f408de6ab5e8e665c12cf23944638506a5a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dnjtxorn"}, {"hashes": ["1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09"], "key": "<HKCU>\\SOFTWARE\\XLMRFIMV", "value_name": "xgnciurs"}, {"hashes": ["1f412866f9de22a99c90574701b8504d336a34266f11edf35cf9a1bfb3cbce09"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rwkkeout"}, {"hashes": ["1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6"], "key": "<HKCU>\\SOFTWARE\\WGVVDMSP", "value_name": "ixxjgwud"}, {"hashes": ["1e0a671250656da0f526b3f3fac6408f1d976e8e7b7ce3cef859293374ed42b6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jducdxks"}, {"hashes": ["25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77"], "key": "<HKCU>\\SOFTWARE\\WMBVPOOO", "value_name": "ckdfmbmv"}, {"hashes": ["25195a7e1aa4bc71d2dd3367c0c5343765213d835edd9dbfb01800c66c687b77"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "temhhiwd"}, {"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be"], "key": "<HKCU>\\SOFTWARE\\ELSEAPUO", "value_name": "phulguij"}, {"hashes": ["00d10bcbdb3460ee4efa7d9e6658cb27b68d5bb3dd7d6a8ca220f3c7d10931be"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "omnewhnw"}, {"hashes": ["0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d"], "key": "<HKCU>\\SOFTWARE\\LVKRARGA", "value_name": "jmmdnocv"}, {"hashes": ["0d541e97cef73974803dc0cf23d51fa91c7ea09f29fd42c79fe6bc19e752c08d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hquppklp"}, {"hashes": ["025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569"], "key": "<HKCU>\\SOFTWARE\\DVTPGRGS", "value_name": "hkeovqkb"}, {"hashes": ["025ef7f7c559d6c277e4589dc152ecc0d7534aa74682439f4a1798814710a569"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ikwgqwxc"}, {"hashes": ["22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992"], "key": "<HKCU>\\SOFTWARE\\DXWAKGTP", "value_name": "pbieojse"}, {"hashes": ["22521d2488cf8a869363e927bd069083f8b98d8f2dc389fd18916c4ccf988992"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "iipgvill"}, {"hashes": ["0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8"], "key": "<HKCU>\\SOFTWARE\\LXKUBTJQ", "value_name": "mbcxixbn"}, {"hashes": ["2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125"], "key": "<HKCU>\\SOFTWARE\\QCUTLMJP", "value_name": "axewlrrv"}, {"hashes": ["0aa7443491a039aa57dd5e9c155125ce55f98ba956f958a2139dab653c78bbc8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "prwkdjgb"}, {"hashes": ["2aa9f5c7c1853e56bd9f950d64c34ab21029bf4f7369355aac4caac6db597125"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cmjedncr"}, {"hashes": ["15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d"], "key": "<HKCU>\\SOFTWARE\\XVFWBNTL", "value_name": "icmrcosn"}, {"hashes": ["15e52ff7cf29e5d73edd8c49461246f77c4dd1c1280a33acd13dffe3a75d9e0d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "elsgveen"}]}, "reports_count": 26}, "Win.Dropper.Lokibot-9791657-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "5b0dae6508cd9af449f5462cdbe32c2550339d23c1e77028ab87659564be75de", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "5b0dae6508cd9af449f5462cdbe32c2550339d23c1e77028ab87659564be75de", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "5b0dae6508cd9af449f5462cdbe32c2550339d23c1e77028ab87659564be75de", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "5b0dae6508cd9af449f5462cdbe32c2550339d23c1e77028ab87659564be75de", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "5b0dae6508cd9af449f5462cdbe32c2550339d23c1e77028ab87659564be75de", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-tls-callback", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "5b0dae6508cd9af449f5462cdbe32c2550339d23c1e77028ab87659564be75de", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "5b0dae6508cd9af449f5462cdbe32c2550339d23c1e77028ab87659564be75de", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "5b0dae6508cd9af449f5462cdbe32c2550339d23c1e77028ab87659564be75de", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-read", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119"]}, {"bi": "modified-file-in-user-dir", "hashes": ["a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-file-uploaded", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "feed-domain-rat", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "deleted-submitted-file", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "malware-known-trojan-av", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "altered-sample-snort-flagged", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "malware-guloader-traffic-detected", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119"]}, {"bi": "network-opendns-malicious", "hashes": ["ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-dns-upload-file", "hashes": ["ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53"], "mitre_attack_tags": []}, {"bi": "process-check-ucbrowser", "hashes": ["ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2"], "mitre_attack_tags": ["TA0007"]}, {"bi": "nginx-webserver-detected", "hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795"], "mitre_attack_tags": []}, {"bi": "dot-net-crash-tool-execution-detected", "hashes": ["a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-communications-smtp", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "listening-port-opened", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-http-blank-user-agent", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-key-modified", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "process-check-opera-appdata-folder", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0008", "TA0001", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": []}, {"bi": "compiler-vbc-run", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0005", "T1500"]}, {"bi": "process-check-browser-mail-client-files", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-hawkeye-detected", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": []}, {"bi": "process-check-windows-live-mail-appdata-folder", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0007", "T1083"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "enumeration-email-program-information", "hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1114"]}, {"bi": "network-snort-protocol", "hashes": ["1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.", "hashes": ["0204655a385df7ad8797bfc31f817e1208e7e62154c866a333683f35aa9a7d41", "18885983795417170faf05d6f4c58dc6dc2ef4977f97d37a2b2c461cc3d0f4a2", "1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec", "578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629", "5b0dae6508cd9af449f5462cdbe32c2550339d23c1e77028ab87659564be75de", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795", "baedd4452291763813c3fcb3129f1be226b33c5e2ccc8fb85bf6d614c57da29d", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "ea67e1e48066b1cffcc0af2693d8a38759b168d7b3334ccc9841b41403a8d2f6", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "iocs": {"domain": [{"hashes": ["6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a"], "host": "legalpath[.]in"}, {"hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "host": "paciflxinc[.]com"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "host": "whatismyipaddress[.]com"}, {"hashes": ["1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53"], "host": "airmanselectiontest[.]com"}, {"hashes": ["ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f"], "host": "venitronics[.]com"}, {"hashes": ["9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "host": "www[.]webserverboxservices[.]com"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "host": "mail[.]ilkimegitim[.]com"}, {"hashes": ["9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "host": "webserverboxservices[.]com"}], "file": [{"hashes": ["1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "path": "%APPDATA%\\7C7955\\5D4644.lck"}, {"hashes": ["1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "path": "%APPDATA%\\7C7955\\5D4644.exe (copy)"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "path": "\\Sys.exe"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "path": "\\autorun.inf"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "path": "E:\\autorun.inf"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "path": "%APPDATA%\\pid.txt"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "path": "%APPDATA%\\pidloc.txt"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "path": "%TEMP%\\holdermail.txt"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "path": "%TEMP%\\holderwb.txt"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "path": "E:\\Sys.exe"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "path": "%APPDATA%\\WindowsUpdate.exe"}, {"hashes": ["26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1024_768_POS4.jpg"}, {"hashes": ["26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec"], "path": "%TEMP%\\WAXDB19.tmp"}, {"hashes": ["26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec"], "path": "%TEMP%\\WAX19A3.tmp"}], "ip": [{"hashes": ["1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a"], "ip": "103[.]83[.]81[.]68"}, {"hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "ip": "185[.]180[.]198[.]135"}, {"hashes": ["89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "ip": "185[.]209[.]1[.]127"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "ip": "104[.]16[.]155[.]36"}, {"hashes": ["26f747be5df0197b793030c61e5bdc84336057b7e40153e42e6f17b50cd420ec"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f"], "ip": "103[.]129[.]98[.]58"}, {"hashes": ["9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8"], "ip": "46[.]17[.]98[.]105"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "ip": "188[.]165[.]205[.]198"}], "mutex": [{"hashes": ["1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "6dea1bdf016f1e88f6fedfa3b79d89ebfed8f1aa0db547a7d389bc59b589f18a", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["1ab3437a50129edfc7fb6fb1117468f6166387e29e7b8b84123bc817fa80ec53", "6020db3ccb630880906593dbdbe6c4487ec81e8dea4555114f33eef0ac16b62a", "89605a9bb702c8522e00bdf8a51a381eddda7ba3fa1bf2a195b05b2e4cd0c278", "9ad6d1ef3260754d34b6be1ce0aabf340d879eec0f6fe88086690d0fb0ea14e8", "ce9d8f4765b5204c63db281fb6f3124681ee66a75d236426027c71f1fc575b0f", "ed99c6d4488132dfafd9fc90a075a88eafbc5dfe6d24a22b05449f932ae02f52"], "name": "9DAA44F7C7955D46445DC99B"}, {"hashes": ["a2058e7365fff5315e1a1452e7d438d8e8149791293654ad0c3976bde76a1795"], "name": "Global\\cefa5160-24d7-11eb-b5f8-00501e3ae7b6"}], "registry": [{"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["578527d2bad084c3e95629d1bf870074cdc7c88e857256da8884f3c16272a629"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update"}]}, "reports_count": 15}, "Win.Dropper.NetWire-9791538-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "excessive-tcp-connections", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "pe-imports-toolhelp", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "malware-netwire-mutex", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}, {"bi": "malware-netwire-artifact", "hashes": ["a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f", "05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "NetWire is a RAT that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, remote desktop, and read data from connected USB devices. NetWire is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f"], "iocs": {"domain": [], "file": [{"hashes": ["05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f"], "path": "\\.Identifier"}, {"hashes": ["05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f"], "path": "\\TEMP\\.Identifier"}, {"hashes": ["05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\copied.vbe"}, {"hashes": ["05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f"], "path": "%TEMP%\\copied.exe"}, {"hashes": ["05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\copied.vbe"}], "ip": [{"hashes": ["05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "0ab252c2030251d9349af49c0302cd99a3fbcc4986496ebf066bf356064bcdb0", "2966724847a8b631a4dcaec9a97a553215b021330c73cc67171f4e144caa4ad4", "33a28d2dceceeee37555827985f7144f2cc7e4eb5c60add95cfd4e7bb0d59814", "5a2ebdfe880d4ab18f896489654531ea235a85a5305f88f586f73788124d7675", "6a3f7b69737a5278502bc970141616b59eb9b45824f8eec70c7bb9647b061911", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "733746c059b7bfb321c630d4d4163389f1c075aae5186c9c7486e90e5172b075", "7bbf9d93e7dfe0fd5c3f4b9e84c18f4250697f351598f4ec52c19f757d32bef8", "886b9318b9c3f3a2dcf5df566cc00994c31521883548c4391cb47740bab506e9", "a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624", "b11d25a98c485c47e797b564e5bb8f4b04c34d4f4ac7e9e457026c5974d3bde9", "d930658345944656d67151147359ae7c23501aa902f4c0670cb4594d97c4cd2f"], "ip": "185[.]140[.]53[.]231"}], "mutex": [{"hashes": ["05fd93b4f6461a3fa19e38b482c7c372ddcbf9c6d28e3dfe8fd4db854138eb31", "6db000623c7055806472a7b6432d723e97d29aab449ae8a11fa6c43c8a1e0931", "6fdcfa74b87cac7dd64fa319a5374ba5c7ed6bc0df9a586c0ae677009d6c2de7", "a2c9f40ab0d9577bfa68a32aa858c60909c988a557897a0a8703922708f65624"], "name": "-"}], "registry": []}, "reports_count": 14}, "Win.Dropper.TinyBanker-9791753-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-resource-lang-russian", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-trojan-tinybanker", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": []}, {"bi": "malware-trojan-tinybanker-mutex-detected", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "windows-os-reboot-detected", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": ["TA0005"]}, {"bi": "hook-installed", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "TinyBanker, also known as Zusy or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe.\" When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3"], "iocs": {"domain": [{"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "host": "ivrvfntohghc[.]com"}, {"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "host": "oreganogf[.]su"}, {"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "host": "llenngpoefxy[.]com"}, {"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "host": "ifkmqtsfiiqr[.]com"}, {"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "host": "ihxghiyqmhim[.]com"}, {"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "host": "jnfeqhkpihgc[.]com"}, {"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "host": "fjedebccuuhc[.]com"}], "file": [{"hashes": ["083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3"], "path": "%HOMEPATH%\\AppData\\LocalLow\\EEFEB657"}, {"hashes": ["083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3"], "path": "%APPDATA%\\EEFEB657"}, {"hashes": ["083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3"], "path": "%APPDATA%\\EEFEB657\\bin.exe"}, {"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "path": "%APPDATA%\\4A60888F\\bin.exe"}], "ip": [{"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "ip": "216[.]218[.]185[.]162"}], "mutex": [{"hashes": ["083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3"], "name": "EEFEB657"}, {"hashes": ["a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e"], "name": "4A60888F"}], "registry": [{"hashes": ["083b8120a63335546b2c0a2752858c020da79aaba3d77312309b0593edc41e11", "0f8d6c7f5d30903c061eeb72b86e2244febfaac9acc487f00b4b7a498443c176", "154ce8d2f23b85f2b336a33e25e7169b2dd6d7dd00b495bbf2fd75c3d55e1bc2", "15d994a9f7d733e2ed3d152892700cd1deff33612400773c43fe432abb88b204", "212ba3802d3a843241f6df38fd858292821d3f76d028fc9e8a4b0e7aefcfcedf", "3e1a950fecec8ec3389c9f551363fc44b0e7b8a29bf805d17d097aa470e7eeb3", "3f9f2e8ad68f8d67a60c9adae68516b72c772a8f0f6c87e0c6f16f1e2ac599a5", "48d33d07e368bb97efd423fffa53499cde4d6c39e35458bd3e0789d116667d55", "6e31790fe5123d0ecd396f699ff40fdd3951ecb1c9684f031bfad8d90327bcb6", "829fb2e1b0916d0b90d53011efe234b5a856da2c9ab6a8488bf51eb50be23839", "90ceb0b7911416cfeece5c05c152063558633130ff62f4b00e15d3d0fee2cfbf", "a7449c74ef44975eb78306706ab75334ece23db46d1f5d2d4b1a699a1044519e", "c38e694810b920061c75480baf5d38c9c4a839d7025d664279f0cd6e371c9a40", "e51a70b05fc74cbeb366ea82063a653c2f54765bb417bcf69af7740ebddaac34", "e8e5762bf734458438b97956fb442e7dedbafa6d05faa3ff30d60c9c5821bcd3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "EEFEB657"}]}, "reports_count": 15}, "Win.Malware.Trickbot-9791619-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-windows-task", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "malware-compound-cta-activity", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "unsigned-roaming-execution", "hashes": ["307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0005"]}, {"bi": "task-ran-using-system-account", "hashes": ["307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "process-hollowing-detected", "hashes": ["307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "file-ini-modified", "hashes": ["307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-trojan-trickbot", "hashes": ["307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0009", "T1053", "T1129", "T1005"]}, {"bi": "potential-registry-script-execution", "hashes": ["1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Trickbot is a banking trojan targeting sensitive information for certain financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.", "hashes": ["0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "1e52febf058bd57e26bfe747389e35f1fccdf776b221d74ccb866bffd3387090", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "22440a6aa71c086385a34043a04f961f7d535b6e191d573d4197e5a4a7386a42", "22aab2531e1e07b76fdf06a08d4d017f1e6bfcd64ed155f2a4d7064b98d7b42e", "24a57c5f58dcd55592bcc0897f8ae14e346b50e1c90a9b925f58bb11eb648e29", "24bbf01989bfeddd75dfcc6fdd2da019d4cb435e4776cc9e29551460a2cf295a", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "25652635372da0d36609724608caaa4fb4fbebae8cdb8e8230856ce553701916", "25684e0fc6779e3b4a6c05afc0060226c11e538a8befaf8e8b36d36f85da2634", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "265e14772998511753c2715dff21a48338fb23caa48e57d22d7cf2d41e272293", "27bcf291204fa9d75dcfe8452b5c49bb6144f3bdb3e4cf86f0c5288adb2dc225", "282106dd18e0fdbce579b929d47dcc6fa228cc4f6747895033e8bf7720f26749", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "2e664c515ed9125a7130ccbf7bbc13f40dd06883100feaac7a1de0cb73bf6060", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "2f40a45b3043b30a3274a6a2df1483e620a215fe805cab96e17c6cc71779d835", "2fb9ecf5919add1c99478b9864f6ccb3efbc8d3eb011460e2edbba2defb03c5a", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "31206f71d2b65768d5e9202a4de908952d493f7487be11968dc680c73bf2a0a4", "31ef49bd14e6a384dee4ea4270cf723d26ef2734f2abf1c489f21ee45b23b341", "320fa1cec91ef85971ccf390b2efd3fdca7b71263830991cdeff56119f21a582", "33f62b31c7998f4ce8bfd8b0a7407a1c67cd0f81013a5f2cc15373ebd6de5987", "34f25a89fbbe7d7c57a18ba593eacf516db96c618aecb5d63fa97ec4df0eff5d", "356c781752cb975737e310bb3cf32a7d7362a367efe7920c83672ade18e67456", "365b48b12c178f4970c139b4062590a46e8b9f023e99d47ed977e4ebf3e8dfc7", "3758f1429c87d84c1a5461405a13e81d239a4a79fc3aef446ef4cbe71393d71b", "37a9cc7b395e00fdde7010d329ab1668a5e402849a711e5239465706108811df", "37d7b3e17a32bf657943602ad02f88f4d727dcd5a02c6f8735d4cbcf3411c10f", "37fd65aaf8d079ade8c7ea31aea17976383001cbf3a3ee724e43d3aa64261433", "382dcf223a7d5338860bca62617cc51321bfd015df8bd8c0a81b322fe1f92b28", "39be22a5f36a75f664bfd4c321a511e5d543c3ba59c9634cb6bcf7e91c50f935", "39eea604b0bca2647c5600e180d5fab4a0f243b1a6762b9374c2e8fe68e9babe", "3a2abf776b54173e36b7ee5031a748aa2c28dd0f8baa9ac3ccfde7444d7de755", "3ab840278051ce0a8590e5c6f876ec4a999d62febedc3fb366341ad1c660aafb", "3b619f7b5f9efed9ca45c4321d765c1824476eac92ca33bfbf8173e88c012d33", "3e10a197b12b5b10272e55b040b51c56fa1c1f2c9b6a3150bf69f8f05104e6a7", "3f722e0a6d14395251d895c6cf65aa2cf8ce6ce3ef1aef33eb61db52c03ebe6d", "3faaabb9c4657bbe1b3c009510e5f4e9c2b1e6fa640a3a2306f2cef3770f7659", "3fbc8332c769fe17add82964cb2242ed8f6e14cd4dcb0d6b80acf8826ff13faf", "3ff97de5e6d146cfb98d685842e814c04c497340d9c4ab32e2519f417de0583e", "400b0d28eb98c959ca6c3b81e8ccd388333cdfef92d58c3c5208f7ee1ec78486", "4184c06f4fae82096972a58cd0cba8835124d89671889846cbf838ff7e4e856a", "429bb9dceeb3e10325bc4439a40566efc9ca4af047c98ea6debb5a59bc59095a", "435e131dba018addcc3a14b553851f6542f59ba09f6a0fd11df0d317099901e5", "4401de1d67744b49c0ce816c8083aeeea71dc1dc38d2db08e46804c56d2ac032", "45554c93165d6c66d9ad36a8d51750fe719e5ac3f2f19f5cbe4e9d6a60155189", "4690bf102fbd03c558be7d6102194f3318e3d850c70607d90090daf12523dac7", "488b9bc725b28446754e49d10c584706ae614a6e00f978e3feaa9969c126c00b", "49d5a2c2acc8493f0bdc1a6c4fa9f5e28ee688ad9c264c5a9ee5724cd5ee4cda", "49e4fc8abce6298b3b88336d831baa1a2192865a5b8a91947658436020ffdd74", "4a02f173280aac0df5fb65261a42ab95fc7de9b981c7dbf20c69030d6eea9f7d", "4a1e8fc4c63f0129365707824a6566a1ffc45d70c5bdcb3f8679ad113baa4fa6", "4ab99eb7bad656fad3adf3ff83697708af55df009f1ad7260696ede5ae9fa8d3", "4b8962674a8940abe7cddf0a4215f3159a7606b0d7ea44df0fd7ed74f46530c5", "4c6ef0026362439a34b14647a6f0450e19b6047b6c3e83f0bc3a7d6f2f8aefe0", "4d19af4b69e7ecb771b2d845c1e770198624ed0a61053156d51cd353d0be0d36", "4d5a9a6a192bebc9f8f219f488612d94059deceaaa4ee1b15f06d4a54129ade4", "502dec2c6e504bf3422bd283a0ce28b776b9780c85ac1bb25b344a5ca0440886", "5035d6cbf5e9df87c5ef46c8082ca1f6589549d6c3a693c9e05c859e7f29a7a3", "512a9ac49534390edc056c0d7eb5eed45bc578ad2f641b90036726db49057a74", "519bd91de851f71864af181f92f3b528b0466426793b3f4510c8684eb8b0edb3", "5391a00169f563c747948252ff8b7f7d7237dd9730a07314c64025654840aff7", "5415412222ea7c230ee634291717baee474d2f4e04ca390b0e80e823f8492538", "542936a325ed270ad26bfa24b13aacfcf5cd39c6484a486330fd158f7369b88b", "57144ff48dc829cc26d6c4587fdd13e1c45dcbf104e1294393de6e05741fbc03", "57ead7ad1ae7202e2ba674542524aefa977e9dbbf2c30f301a4ca0200a57899a", "5a1bf60f64ee6c66ddc88bb78f47dfa91752036fcb4758803ef886e4507c3fa9", "5ac143a0f8d88534eca77916867c904221f46e3572cd7c21e0d991aae6d96999", "5b95fad83afcef4117a8f509939c4cc3af6645755f4836474c48274fda3790ac", "5bab989c37b95ac2267bcf481b1a2eb35d53698c7e3855340f40430f0358db63", "5c24e14e8d4ad8f110f8103e5da68736db9ffc2d8579c66333beb16a2125e2f2", "5d1ff1e0d563c4b97bd847f87eded4ead4b579c7340c3fd634dbe49472fc3073", "5d85fc250c2a24c03e6f7eef5f82653475d6c1763be15645b4dabd3fb879500d", "5d88a1fc3b48aefd62ee6105675360fb435d5b20d608a782e8354ea0f3d2fa68", "5e29c030f4af10eddf553322cee9f5aaaec2382fb5d257f1ce7c14cc2af80371", "5e415222a4e031cabb97885b08fdc69a249a33fa7bc6074cdda5379cb00ed7c7", "5e48cf776534f3a742404944c600bd0ec8fac7dc2a51c7b3f93d7d74a7f27a57", "60a20a0bf3923f76ca8caed3690b55c211a2ed037810a59a096162038ce39daf", "60db3a954f659da9a89ac6ccbcace368045033aeb1a1dfd6edb26c82cc64c9e0", "61deeaf95f7efad56842a083b4ad0596d9e31a594fe57056e63bc42cf1f5df60", "61f175742a436dc105d90e1c604351806c6c393886025f9830f6fb6ffa2f14b9", "6264b571cbcfe6ed5385b3ce875fff0043f862bb02e1c664de620beeca96225f", "62cba804a4fd9616845895073a3d2d4980dea663d498a207acc0a48a2bcf0761", "646984a38069ea5d8ef6a43b21a7fa38d024fe311f7bed1b12774279ddb85eef", "65cd84b8dd488bbe84c5739d8537bbb27afae05afb8812b8d216f8dcb3933073", "663dcd582044f88a5ad7569c7da7f08744c1a67daa59ec6010a9011942504032", "6649adcda49ab16a4f4cc5c0468d2207979417db286a020afef5bf2359f8fa45", "66947338a28df7ccbd38a58fe77870c59c82962098e6e645a264788e2c3c0458", "66b400d360d8859776ce92c576e17dcd125bef440861216411c510a0b80bfc54", "688c94ea7236fee8c562870f7fc755bf68d81f22a3da0b8061b30be36c6eb602", "6a5015ea527e9a540e5bc5f10e7e875894372980f4240d72f0bab76bdc6ad937", "6a7b04efcf45738105be133faa6fe9aedf2cc510be33d7e38138a950d730eda6", "6db4c40875836df484129187fab10008ee1a045af8b0c178c5bcf847d085887d", "6e94acfd14145d96731a357cbc9fefda90006760500d39dea4cfafc5ccd16ebb", "6f052be066857b34a7b9dd95b8ef3060d6a9d7eb1266790fe9e1740725428e72", "6f3ba060efc467d5a352cfc09bb010ceea65670dab457d71438f68e41a20408f", "6f7c9a68c58d9287fab38039a9ea7933da1a1e1a7b91ec29eb49de8f24900557", "70634f82ea6d1a8be9be8117cf857b425544e599f5bbfb024e83aff15d2a6f50", "70900efcced763ce1afed553b592937d5a05e9d87cbd8317f0e10b17728d8db7", "721c01798913e3df04e506b5688ed9d3f44884d2e25be086a5bd1317783dc714", "72231c13f875f799cdd57c5f8f2c32097230fa8aac21e775503d2db3ac2ff4ab", "73a081bb7a0c50241297d5ae54852405bb509685f57ac43c88cf2fca8aad85b8", "74c44ffdfef009aeb58890a219f6ea14824a1be1b7de6cfe26e6e12f75014a22", "7535c9bcf2752abdd7a95a92295cb51d5df9c4eaf6055ab4a0fc425b77018849", "772380c172167a77c245f7fc205ab5281f7cf278597ffcb76557dd23e8466aaf", "77ab46835eee894400f3fc507cf534a6d2eafe95347c551117a21d61f2a27398", "7a00639851422032829381ffc34c8273139efac3538697e49d17233f568d6e0a", "7a1a59a07a1ccf3f985a9141e0c633bdc101cdd92a02b0aa0ab11b8278234328", "7bb5178ea6abe05d1e023ec972e89d23667e1524a333b6ae9519d8c9fd5e29ef", "7bb7c2b7ef1e9a1a5443dfa3fe3354c93e429067be1e5a3c7fe622ecd1a303c0", "7d1e50c41ce872fa15fd568def84e398f8300f6f1059da429c3f67378389df2a", "7d83126c3b9ce15ce0007ae51cae018a5ac219f486c2a764aff654ea39d77b9e", "7e519337c65f6dce21268c58e7896a81146b827f5e49f427ac66a9a7e9cd42e2", "7edbf663a7314dd4124c766ae218c1a0ee4bc84bb77d72863cfda9531f8ea3b8", "7f13abec510dbcb039c1e05a67aba425c89ea2664b9580e015aed081ce07f7d5", "7fa4ffb5b45402cfe383aa824189b71025bf684638371e42a4f1cc3cbcee8d71", "7fb45f326b00c6f720d8b7d0d2d3ce296db47f6c9f7bbc1d30b38b480920e66c", "7feff2c3b15e09bcb83c184105529fb701fc3533bf83cc432d5ebddc4fc8fa2b", "8048146017f5f79f5d75074593b357859d6af111dc8cfd68294dc18015926aae", "815e900bdf74fe94221555ca3035ac5623b6c2836e4a27c48ccf3e1cfa785a7d", "81d3d2074d18a2f300285380416bf2194b7fe2c610022af70400ba70bb7330c9", "81e32fae2001b8ccd37a2f0cf691b39e4fcad14da684896f80c39c8bbf0b4339", "81e9cc6b2d3f0daab14a6778b3879b0bb232c937068f5d2f2f9b399a39885d08", "8257ed6561d6bbd0e645dbcd16556380d3c65d8b0f98f4cb9b6b1ce8e45f7f89", "838d47c4b6ee461c4332e95b2cda1d21a5ebe0060be93d7b5d3ae26d54188412", "84e2b8dc9beef49b9ea8a76eb043db9f36d712da1a469760e89d540e49b950f8", "85566c7facf4d9ce53fd7bb95da6dfc9bb93b8726f58286df0e3767db3eb2535", "85ed8e54e16ab6937561de18eeb140135ab7cf90e9b052b9ee67f8883e7d3d54", "872e8f28185dbd62716e95eb9fa064e8488574da3ce8a16ad5c436676b4812bb", "8944373be1e70505d170c5bebab583525d7b01f74388b21ab37239bb306886ec", "8990a99c57c7a5edb035e380080ddaccb66a6a6e515cb2e0fddae216828da28f", "8a176b3b498c9f4eb9bc2650def081ca7bee0c1fc3c45cc60f576660cb51a12a", "8bbdd4a8724e678b19bc0a0606a9dab5ae341804593732b4537aba9882b3e36e", "8bd28e8a976254258d3407b1cd0a92f052451b3b70f72afc87dd7168c0f8567b", "8f7cdaf299c4d928f256209cdbb5e3e32dd6164301bcf6e02abaf68670730b0e", "8fda3edb71285c3c95a481d931dbd4c5f9755cccf09ca189cd3808777c757a46", "9044e4a4fbd6cecd5314326dd09b362c1164b3c9be53ed4fc9cffe68a5a46847", "909e8e048d8ede945f377d92b0ec25e6d4fa9d2ae933a5f32c0bb29e473e2d09", "918f03a11e4f456ede2c433901f6ba3fdca2fcd4a6a32b3385fe7e944cf2176c", "923c13f3b18fe1d9b5376febee31a6be9076d16456c7a6291dd742a96ddbcb18", "9267860eee887446a1397bdeb1450462a06101f851822fc850e034ce8799acc8", "928fc5520eecad528b4ef7956a75e8fb6f16ed606aee541bf4aac46e79575cc1", "9444b0681b7b2674f2d6943cd1f51ace745c76a60d3ec999d8fec8a153c3ae08", "95a99a348c121fd72d1f5f9a9af74ae1b286114fcd9c8547f30a99748a3d8c3a", "95bd79480ed9b42dda96aad54b8cec1dcb2ff9442db6ea874d4a17dac599aa29", "95d78943be07f634ad741adf4f1183269ef68094c301e2d43c76b6414d371be8", "9904732ca1c9462d547cd232525a481e0320530a1546c6e7b713a798a4928053", "9a1a462694fed3ca6071e13e168601a0299bdb633771ada10dfc1de03c36da2e", "9acca8cf764e7633368b3df5a2e5e12e5e4e0204b709137e17cd07b2f8e02a5f", "9b4bffdcd096e3dbb9053dd7877a32aa3f23482af1afa9b18c90eef70263c85c", "9b8b97bce0327310d5404ad627a208fbba18066d8abaf7374e94703fe76d30a9", "9c65ca5661f5810af6a60c38d104f643e4abab79bd01ec4e98cc759e92d49c93", "9d047ce692a304386998133de662770fb018d62de2c7c9e12e8d0705735ba494", "9e5364c805ea7a08f5d9cb5e6d2bd54fedc698def9e8cc3662cc257ebc5b5478", "9f97db60ddeefdce025ddab994da8dbc6dd7f2944998a8a1c0fd5bdc1a3fb6a9", "a0f0c212657e4145f46a52d28e5dd5a9572c77cc62a974b1df93aa7a3d06fe07", "a1d8a6d19d62a2a21235752aa7cd957c9621b5c5166d9466c9c3e4bc68eef840", "a1dd3c3e9212e6722393d8971e899b8068069bd033428d990faabe0357435aa2", "a2013169ef649cb18c09ed65170808c6f190ea79fa11b28c2f919ce31bcc07e7", "a2550c739518f5a6752d32b44d8ba3e5c23a0a9d76cff7a9a397d767145403c0", "a3c0ce0865c6d0d34045bcdf8f9d1477423be0e2592bb63058a7263444df62b4", "a51425ef4b681a02ef81cec3386ebe6254b268c2bbac536a34dc17bd7a3fb330", "a6b420249a33d23660b16cd8856ff2c5ce4d3368e04eacac8992a9758fdf3b16", "a6e460baecdf8c41c6cca4081828aa7c36b55e2d51eddca80c33b484aa6915ae", "a8a9380020e9a6f2deb78b398434e291bf32988bc758f67cb34e5331fae6beec", "a9035b666655c60d85ba6943c55d1901cbc69015e4b0e7c1e76437f5eb668207", "aad96f9c5cf1d58c9e406dba36dd099a46fa3b1d3041228aab38c9eb0a57ef25", "ab596329c24428aa5a18cbd6676ac413091b428a8451c72b1788ea054a151836", "ab935301c790a5b310907039ce69ff7affc4881a83b811e5a03879d6f9f4e99a", "ae6b9ef4c1c5e39bfd6e019cd344289df497e6e42574161c28d260d911c68932", "b1bb9c7740f95074ef4168452b42264658da22aebe8656c73989b153e3114032", "b333d02db9915fbe96d14052720e736042b4c5f0a9f92c05e195206fe28a0a28", "b38dd81a7646fab56dea6283fefa6c56df9bae997efa18d659075c29a00ac2a5", "b3ba3ace9d5079d9c25cc3f869bdba80d129d24408c57f061806de5c798f8a1a", "b5058105308c4973c0d04f2b159d1ffafb9bb678b2c471ac978d2703503a6fa0", "b94cb22f07bed1bd6198f66096909b1b9f489d8618d5ee482dede46cdff6246a", "b9c1e880a7c56d7557f1addc79dc75beeaad525b6f6ca1adc74e5ae0a4fe8191", "ba57e069547b91ad8b579ca169d2fc6419cc36c9ddb0b0f92b436bff7698259a", "babd8845d118867c0102fac4e4270cde5f4f961acac94721e6f4f84826bfbd25", "bad5c022d76592d7fdb48801fa92ab0738e966cd0ace7f613da13aad9c774d99", "bb0d62239e569f0f02ac88cfe4e46bd9cd2e1f73dea2a27a8596ed17675c9e44", "bb1c6374da814523a4c8647ead45dc9c3daa775cf4eeea7dfe4d309623cbe0a3", "bd1db5e5dffb65309ff5705782e5ff81cfd8cbb6605501edfb71fbb823c4a1d7", "bd3449a8fce8db0337f071b850a187412a8f89e82c966ef3dba0c82697692e6d", "bd93a7ad0a5b6a55601ceb65193f05c7bc4c33ab011b9a6d46374617108ccc60", "c0ffb5af96af9ccf6a06d873c9052154346bbb4d74446a4629d16871c80e2f3f", "c291ae2578d04ad3aaba2f6052464c69b5fd644b6911c9d0733cabe2eda7b835", "c2bdffd73cf4288bea559e6be9c6bbe2ea14c77a2da04fa630caab3d30986b7a", "c2d6c1f0c8f19d8587fd9ecd030720a10a1f085db1cf316903be2b9b58cda77a", "c2faa8373e2911218be4075ee558b8300fea8a1d863bb7695dcdc5c5bca822d7", "c3acc92157733e29ba5f2b354a58e412acf12bd792d43d66271e8f0dbcf64a0b", "c429a5433c5405250d4406a851f2674fae0ae4b2481e46f8fc18dc26cb499e6a", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796", "c5dbd65f7c2c26d545be4ec89f31bcc447b76acb45b3ecc6464765f127cc8448", "c69d65cb7878022c576978329340f2ac35c792310cd88c6b0cf70712ad50cf33", "c6c0aae19f92bf6c1a21854fa17e1e4ab49c25162a020affcb8153928c601aa7", "c84f4bf35add8326007662f090b54aed75f8df7b536673cec2159706f8d125af", "c8c50c1bb9f47389f51ccdcf320e3bde7459685b151a780b87ed9941977f64ea", "c8f237b03020a46bdfb69ff95524ff141e76ce5b26c6548f827378fe19764b6b", "c9de5836e7574aee7c6074b9addc040f930cbfe337f1ed62da73049cf2284f92", "cb7a6b24a02ada53b7fe6a7541a9a8b674e02bfab576ebcf82e1c2b5f809e4d8", "ccc4454ed9ff2f1595ea5330c5f8c3c35a1bb8169ab10553e9911a5a9ce133cd", "ccd39fdef6469a210504f738ffc0d807bba523703edffc2894deee0846aea737", "ce319884f112f64c6851701a739bc816246bd2dabf81fda1a17d6665aec9064f", "ce6b8c322394522d2071173a3f1a26f1b571ce0d2ac38cb8ef2777363a4d6e25", "cf28aa1e3a2bbb9bfe2301af6187abb29db6ada35087190603ae6e2f549b56be", "d1ff778a7963a041ef7089f7b37b45cabee76ec104c49069c2deefa2595e05dc", "d23559313429fb305a852e710bf3819ee34deffc1187eff65accc8f4eb33d28c", "d28050ae1a42535915c6031a5ee5b903eb6831731cfc24987a726a4ac7ca406a", "d3a05f9b6862f6cf45d015bf851da9f48765639c27949a01beeecfeca0a1ac0a", "d3ecc7db3822f2475f3655e1fd91c42a7e366bf9ab7246599c0ccd05f9d5354c", "d40ed78cb6d9fbb9ca6caf8044363b141e5a4536e104389f5d193aedc037eed6", "d5921d1b5883bd9edd9dfaed1087e7ea0e8871ad68c5778c1d5ebab172e773a7", "d5a42100fa2cc299d84dcae71f4501cee1048f5d7063df5691a621c0f40420a0", "d5b7152e23f425fd2116a72310c9009c2588227e0b71ab57e7eb101bd90404d7", "d5c9005b7399c97b635afb807749774e5f03448d20596e3d1e7542d30211bb58", "d75a63b398b8f674cc40cd30d873529397ac1894d841161d6781ea2a0de5cc7a", "d7800bb4bfc563fdc042451905843c9423ea94306aab6e8965dd6f5f393d22d4", "d88d020e06a997836302def5d5bca2a4f83358df09dc3b247963a9d728f0e992", "d91047c43ba1c94f45e57b3093675aa5c1a4ef1cf7abb583144ae6b8185bb0f1", "da3586795e78a2b2c644cf2d107893c1ac87a617983dc8fde755150f471cc3cc", "daae09a37634053ba0a1bccb716be64b50cf667eccedd7fc60f7e3a64dc5c929", "db52ce77c4e65f98c34858d03ceaeeaa7ec7d4a34c67b99e5630d7ddf8a9a5a0", "dbbe1e5b0fe65a7a95c038c3873e3e77b5bb0b62c9ebded629285a8755a1893a", "dcff8996c74ccb241c27085f3abaf282b6d4597213c489a19e973b32caef3a47", "ddfa489bc44701c4e22e96640ae71403d6885ac6a281020f1e70ec95476df8ca", "df09aac301a6bd317a68a7529f95d136b7e3ffda0949f926943b1d9d951df8e8", "df9407bf768ce166fd349ce260e416722b80a057a3f2ae942c210b66e786e84e", "df9fd40b717557757a9f877b0ee635d29323c941d45e68c073394426fd8c3ce4", "e04026c0496f9572524192f8549c5622b06f595ec1c97f64e2873e76fcbf968c", "e066f54444e8675d3b6833788e5aa1901f55ba83bd675f84aa88dd6e548c27cb", "e0c5583ba061bd48bb6958451fcf5fc6b244dbdc2a09beaa71752c809a215544", "e2944e202c52f7657587bb2a9d94992669ea85152f1d92daba7341f0afd3e9d2", "e6283f77c4d589b1bce915f423f267ad651dd86a218dc2d44323889b6fda5496", "e682b8ca819ba1a444dae4d7d68cb2eb31f3e73498d6496ba5ec5fe4cf84a84f", "e6b28a33a3b8ce2a2fa21c44b2607f56617f89e65b4823f79543203801ebedb7", "e6f82566b4a2d448a5426555b744e619d2744b180ef6bb1d13900aa113cc6523", "e7691d986a1cdf631008b19c489c2ac9e5c54a8934cd366bb7fdfb217b794f33", "e7d94d327819dda0e7715fd3133680277e6521c6316bc6aeb5efe3fcea147e93", "e906b9da607336a80a9d37ff6c91c8b5f6802fb646c3d51795803e0aad713684", "ead9152b2525da103e1b253ec75a1fed3a4f2f145d7f85ed8d7dcd1bc79c4af5", "eb9449b2cd97b6ce5b3bcba136260f152c4cdc188c8fc2ccb841f684335dc687", "ebba3f35589545767b6a02b134ced56675e7466cf9ccdf0d60137c6f671d6bb3", "ec81ea021bb93775442968f74f76371a6c4dadcd9dc0985bbf62e7a9f56236a8", "eea06db3f8364c6acc79be72ded782564f6635fc43075d3f10a1020a13ba3343", "ef3923219873c676f5f169a26e02bd1d465f249c0c83a8c45a328449a419cd2c", "ef46f215e7ed76af1f1f5ec950bf28b7cdb2870a746b61dcfea28f80dfb0eb5d", "efd46ec97e7c1b77420697ded0fe37e5a61ab6163d644e8f49b477e0f70e1351", "f0731f0d810926035f4ed38b2164c528ce1564961d9102f39be1236f2e907511", "f1890bda16a8312e9ea6a76232739caac284c22868b5bb449cb671c1b8487667", "f2adf78c375564c64219939ffcf7f764113fae52706fa1ea5997249e184e9f3b", "f2fbb3ea317a6375b4961393903d6330388f796f8f57073444e9edcdad1eacd0", "f3d8b89000ee8f1daa9ae07188efa9e4532bec0d3ea938712d148f2faf565a49", "f40589624e9495e077091c68551920f7f85b0ff1ba2017fd92a11c53b8fb61c1", "f40ed9ff4cc747cbfaf9bc47fa90202bf1c799a5e9a8e4c96592d49d79053326", "f474d083887adace31756be882e2dd147c857b2ec5ff5f2ae2a0e80bb812743e", "f4768816f9572521e3a8de6bc0da8c3f0bafcc472ca06dbdf364d6968f332257", "f4e8b9d04dae585627e4cb7b9204bbcfd2fd67afb1845cf1ad852ea8e0086b31", "f731f7ea907a8e7118df44afe1b2891d827e9f2c2889a81ec828d1e732f8ef31", "f7601c89e6d4b3555fa8de9b8a9a4068baecda34534521a15010492d0baa2002", "f79db64f454ff68f500ac7bf83ab8207886fb561d0a1c1f19fc0aca7f259dbb8", "f7dc07579b25735b5b92939e96588615c206d8b822c3d49000addc5eed76ab8c", "f813cca0521dd72ca9eedc824079467dc64047d79266d08a8abcf9019500f15c", "faf040948fcfccb947dbb2abc20ebac2e59d6ce175bd67a91e92b03ddc77d91e", "faf3fdd09f7463aa6b2df30dedc30e2352fc7bf5f839c9d859e98aee6e2aa715", "fcdbcac1b2e73f97b09ff022c8b9a9f756850f9891808f865dbec346559ed6bb", "fd5e64ab3514b1ef8b5bc205208cf00c27317c1ef8dcc76e1ccebde2a60f6302", "ff11d476114adc4a0607345811ea9504c7175813e0a3a3c380b6c651940a9dcf", "ff440e31691789e3b6240b51f6b93a8523e577661cf9102a566b2a82f4bdd2b1", "ffde6fe819d1567f95d71f9c4c8a76c0c73e7a32ece5fda61dd5c27275ecc5ae", "ffdf851de183fb34b6171ab9c7f442b026d1452bec6f97a55933cf2585212e26", "fff4a9706dc6f01400ec3ab1ceace2711eb52e5a5b5d50ccfd7cb7efead401ad"], "iocs": {"domain": [], "file": [{"hashes": ["0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "c2d6c1f0c8f19d8587fd9ecd030720a10a1f085db1cf316903be2b9b58cda77a", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "path": "%APPDATA%\\MonoLibrary"}, {"hashes": ["0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "c2d6c1f0c8f19d8587fd9ecd030720a10a1f085db1cf316903be2b9b58cda77a", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "path": "%System32%\\Tasks\\Mono Library"}, {"hashes": ["0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6"], "path": "%APPDATA%\\MONOLIBRARY\\<original file name>.exe"}, {"hashes": ["030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "c2d6c1f0c8f19d8587fd9ecd030720a10a1f085db1cf316903be2b9b58cda77a", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "path": "%APPDATA%\\MonoLibrary\\data"}, {"hashes": ["030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "c2d6c1f0c8f19d8587fd9ecd030720a10a1f085db1cf316903be2b9b58cda77a", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "path": "%APPDATA%\\MonoLibrary\\settings.ini"}, {"hashes": ["08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee"], "path": "%APPDATA%\\FileExt"}, {"hashes": ["08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee"], "path": "%System32%\\Tasks\\Shell File Extensions"}, {"hashes": ["08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee"], "path": "%APPDATA%\\FILEEXT\\<original file name>.exe"}, {"hashes": ["0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee"], "path": "%APPDATA%\\FileExt\\settings.ini"}, {"hashes": ["c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "path": "%APPDATA%\\MonoLibrary\\6f80025bde0da96f33bf751168ca7d67.exe"}, {"hashes": ["c2d6c1f0c8f19d8587fd9ecd030720a10a1f085db1cf316903be2b9b58cda77a"], "path": "%APPDATA%\\MonoLibrary\\f242faa29b06fca60de6637aefc2b457.exe"}], "ip": [{"hashes": ["030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6"], "ip": "194[.]5[.]250[.]178/31"}, {"hashes": ["04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "ip": "85[.]143[.]218[.]249"}, {"hashes": ["1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3"], "ip": "5[.]182[.]210[.]226"}, {"hashes": ["1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee"], "ip": "200[.]127[.]121[.]99"}, {"hashes": ["c2d6c1f0c8f19d8587fd9ecd030720a10a1f085db1cf316903be2b9b58cda77a"], "ip": "185[.]14[.]31[.]72"}, {"hashes": ["0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f"], "ip": "212[.]80[.]217[.]243"}], "mutex": [{"hashes": ["0180a53f8fccb987408a0c622f3b62630dd19cc3e84b5b24a447de4c4da3f926", "030a5d3849f45bc96142217dcfd20bab9c96dc1e1141a0b738f93ee828a3a660", "04325bce2709d6bd769c99666350ee8d38c9ec8d6814e471783d0044ad67dfd1", "05b16c068892e4c37a128fddfde75e1b8ea5e96dc36a8bba6f27cf32982164ce", "0693f993b33d7059e10763098eea96ddb5635951779b8f42b3d54900225666b3", "06db60c2be37b3680f3a4e64ba0dee7eae73c0b791ab452c9c215f23d2385536", "07d337c974b4b7f408fa4f160e77954258d9b5a0804703a97610c2b3856d8254", "08fad9c7ea40d3d9453ac108f43c23eb7d210f4cbd1d3c64b05c1940a3a09e64", "09663b39028952e5baa1b128f230d293dfbe426e48e954c6dbabd4c6d729d4f5", "0f646a9856fccb7a43887672f23cbbdd0c2fb7da2432891eb06fd29127efcb0d", "0fa942bad45abde9753867b98a5b44576583d6bca4c81ac21ec54aea73216d8f", "107bf5e890a41ca2cee3f5df53ff4d8d3a2d6bde90a2b0b9cd9523dc42f9b32b", "113a180aa24b8558049264e84b991f5590202bf7708136e2cf44b6668c60f7bc", "138b43c702ecb2a49d987b46269a6d87d4054346bc5b2e7180937c39947e058f", "148c1ef994d3f7fca1238a3f977f279e89d2fe7c320dd18684787025ad6c3369", "16c28969b0e11e9e7194aa6b70a3c99c6371e29aaca923b9644a8eb437a155e1", "18d4f1a6caab7bfc3b28b6ce129518166c9f72c82962957bb5b4c92f816cc596", "196a947c89ae40b8350155e4d5c521eab44432b8d234677868483f31b9d18846", "19db44ea86ce5522337992bff502d7a31a271de4fceb2551704c9757477b78e0", "1ac155873282737be0b0c6bba7d65cf265ef304a26add37a692fbf96df511593", "1b1031685922cd8bcb0b469851c6b6eba15ea06e87a1b48eee3a606d38bad6d3", "1b1555a96f617f0d17ad3b59ca38126be64c5c3da660fb030c9a41c7951d88d1", "1cb67ce1be241cb988de3209cc272a9abac46002e438c9c45a242f9c2776eeee", "1cb9b49ef81278cefda69d9eea677762d8677e4dfde0b5320d9650d100695c8d", "1d237c89a575ecfd380654ca1fa45b546f83201c001344cb3ec3a963ea4b0314", "1e5b701eaae74df7ec48a921c61e8febe18acef025f2a3c89c24a92a91acdb1a", "254ad738e3f2f737b6cb1c0f6105137594300fd9634b5be89fdb8e0888dab0f0", "2552e836d50859320027136e4913281991f99351517f4da2e2f476a93b07dd56", "25a04868d4bb0b50d6f89f3d79ce6aa47a4087422fa777ad94630c50d498cf6b", "2a7649d32d0b95f381ba46a48ad52689c9354cbf1cdf0cdab1abdea9f6b3211a", "2c851507f8c99a9d05b6548d04f7277048f6fe4bcc713bf87ddb7f610746cb20", "2eee9889497949585765001569c3c2b5a70baaf8ee48b576c1fb081b53ad6baa", "307189a70462950351330f5baaedb14823240df147ea776b59033037e105cef6", "c2d6c1f0c8f19d8587fd9ecd030720a10a1f085db1cf316903be2b9b58cda77a", "c58aa19db80d0dff726431db13f1c2a95128275de0e2806c5b8dc47cad7e3796"], "name": "GLOBAL\\{<random GUID>}"}], "registry": []}, "reports_count": 35}, "Win.Packed.Ponystealer-9793711-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "def31854cd9dabf69c8823feb2cbf7bbe33cc5be9f5963c2c9f7ee2d4d6a670f", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "69df736ab793e86f56654b9c9fc7f46e6a2befa83e81ddcc64c909c0e6bea71c", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "d2eeba627c23992a614e84e30a35e64129b911a80c5a99c373ab04467152441b", "0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "def31854cd9dabf69c8823feb2cbf7bbe33cc5be9f5963c2c9f7ee2d4d6a670f", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "69df736ab793e86f56654b9c9fc7f46e6a2befa83e81ddcc64c909c0e6bea71c", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "d2eeba627c23992a614e84e30a35e64129b911a80c5a99c373ab04467152441b", "0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "def31854cd9dabf69c8823feb2cbf7bbe33cc5be9f5963c2c9f7ee2d4d6a670f", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "69df736ab793e86f56654b9c9fc7f46e6a2befa83e81ddcc64c909c0e6bea71c", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "d2eeba627c23992a614e84e30a35e64129b911a80c5a99c373ab04467152441b", "0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "def31854cd9dabf69c8823feb2cbf7bbe33cc5be9f5963c2c9f7ee2d4d6a670f", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "69df736ab793e86f56654b9c9fc7f46e6a2befa83e81ddcc64c909c0e6bea71c", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "d2eeba627c23992a614e84e30a35e64129b911a80c5a99c373ab04467152441b", "0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-resource-lang-russian", "hashes": ["5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "def31854cd9dabf69c8823feb2cbf7bbe33cc5be9f5963c2c9f7ee2d4d6a670f", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "69df736ab793e86f56654b9c9fc7f46e6a2befa83e81ddcc64c909c0e6bea71c", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "d2eeba627c23992a614e84e30a35e64129b911a80c5a99c373ab04467152441b", "0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "def31854cd9dabf69c8823feb2cbf7bbe33cc5be9f5963c2c9f7ee2d4d6a670f", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "69df736ab793e86f56654b9c9fc7f46e6a2befa83e81ddcc64c909c0e6bea71c", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "d2eeba627c23992a614e84e30a35e64129b911a80c5a99c373ab04467152441b", "0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-header-timestamp-future", "hashes": ["5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "def31854cd9dabf69c8823feb2cbf7bbe33cc5be9f5963c2c9f7ee2d4d6a670f", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "69df736ab793e86f56654b9c9fc7f46e6a2befa83e81ddcc64c909c0e6bea71c", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "d2eeba627c23992a614e84e30a35e64129b911a80c5a99c373ab04467152441b", "0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Ponystealer is known to steal credentials from more 100 different applications and may also install other malware such as a remote access trojan (RAT).", "hashes": ["0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "69df736ab793e86f56654b9c9fc7f46e6a2befa83e81ddcc64c909c0e6bea71c", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "d2eeba627c23992a614e84e30a35e64129b911a80c5a99c373ab04467152441b", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "def31854cd9dabf69c8823feb2cbf7bbe33cc5be9f5963c2c9f7ee2d4d6a670f", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9"], "iocs": {"domain": [{"hashes": ["0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9"], "host": "firearmengraving[.]com"}, {"hashes": ["0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9"], "host": "supersolar[.]jo"}, {"hashes": ["0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9"], "host": "dcore[.]co[.]th"}, {"hashes": ["0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9"], "host": "antonolsve[.]com"}, {"hashes": ["0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9"], "host": "elearning[.]everpharma[.]com"}, {"hashes": ["0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9"], "host": "mindtimeshare[.]bs"}], "file": [{"hashes": ["0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "69df736ab793e86f56654b9c9fc7f46e6a2befa83e81ddcc64c909c0e6bea71c", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "d2eeba627c23992a614e84e30a35e64129b911a80c5a99c373ab04467152441b", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "def31854cd9dabf69c8823feb2cbf7bbe33cc5be9f5963c2c9f7ee2d4d6a670f", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9"], "path": "%TEMP%\\<random, matching '[0-9]{5,6}'>.bat"}], "ip": [{"hashes": ["0fd73c42bc2c2ac17fe2dda89ccfed5f01aff96ece37b777c4c9635b110e8d6f", "176b756dbc0dc4c7f5e997342d79437c45ced592457e4267afeb5a85e50d3ce5", "5d9a855b3b1105c14cc5ce1b9d80f9904b9cdd62c7652c86f405dac033639a2c", "82ac0eec7d75fa0ccf647598a6b1e1d2f05f36868af6752d3f6ef341a4ede727", "90f372289763553e86944b3a2395ce146351fb896675a6913e3e836e3b51fa19", "9d9e544f7bcb95927adcdd2f684cd13704c7d59b0543b420e0df0dc1b7c11710", "cc646a466f4bd1481cbac99cf842f6dcbffc44d08399efdf1a8267e4d6cc8367", "d192bc667329cf55ba529b5b1e475ed59343502aab2a6f31f9b2a74c8c6e7961", "d34159c29d1b3b725f9799f3ae2313971ea26d400a9418783b6435687c2fab85", "df83ce114d1517954b542cbf73438ac392fc003ee360f44bd1d8702e60210aee", "f214b3e78e7775971e58404616674a1554978c3f8ea2504832b9acffd00905d6", "f66eb92fcb5d0fd52cfa4cf52d3098882bae4ecca852bfd32e48b782e74b1891", "fa0d48a8cf59f3c6764da5cf1f028f5c2f00d5f4dce5b8f33e1990d6668bef37", "fe55c927526a30c63125a35e7314c8f2dd0f5337364b4ffe82e5a7ecb4bd3cb9"], "ip": "23[.]227[.]38[.]65"}], "mutex": [], "registry": []}, "reports_count": 17}, "Win.Packed.Ruskill-9791575-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "3fbf79c5ffa710664255c233905f6a6b4a55b4ba065db7e3e8f16dfe224459de", "0867ad414f997b7333faa9d3abe2e3f034f9bbf5c79edf68b5ebb4d9dda7c802", "7ebd2bae76df766323980e7a277ae0b47e3444c1a18d1abe1cb64c05d0490e9c", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "d50eb0825365855c4d4bd030c2a6b57e627533ca68d1fa00a05ea8fbd2157b80", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "3fbf79c5ffa710664255c233905f6a6b4a55b4ba065db7e3e8f16dfe224459de", "0867ad414f997b7333faa9d3abe2e3f034f9bbf5c79edf68b5ebb4d9dda7c802", "7ebd2bae76df766323980e7a277ae0b47e3444c1a18d1abe1cb64c05d0490e9c", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "d50eb0825365855c4d4bd030c2a6b57e627533ca68d1fa00a05ea8fbd2157b80", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "3fbf79c5ffa710664255c233905f6a6b4a55b4ba065db7e3e8f16dfe224459de", "0867ad414f997b7333faa9d3abe2e3f034f9bbf5c79edf68b5ebb4d9dda7c802", "7ebd2bae76df766323980e7a277ae0b47e3444c1a18d1abe1cb64c05d0490e9c", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "d50eb0825365855c4d4bd030c2a6b57e627533ca68d1fa00a05ea8fbd2157b80", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "3fbf79c5ffa710664255c233905f6a6b4a55b4ba065db7e3e8f16dfe224459de", "0867ad414f997b7333faa9d3abe2e3f034f9bbf5c79edf68b5ebb4d9dda7c802", "7ebd2bae76df766323980e7a277ae0b47e3444c1a18d1abe1cb64c05d0490e9c", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "d50eb0825365855c4d4bd030c2a6b57e627533ca68d1fa00a05ea8fbd2157b80", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "created-executable-in-user-dir", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": ["TA0005", "T1070"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-fast-flux-domain", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "excessive-sample-duplication", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "nginx-webserver-detected", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-protocol", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "network-dns-category-cnc", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0011"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "feed-public-ip-check-dns", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask-generic", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "network-benign-process", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0011", "TA0005", "T1055"]}, {"bi": "modified-file-on-usb", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "possible-dga-communication", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0011", "TA0005", "T1483"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-requested-file-external-drive", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "lnk-no-creation-date", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "malware-ruskill-mutex-detected", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": []}, {"bi": "artifact-lnk-calls-cmd-exit", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-multiple-extensions", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-uploaded", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-snort-malware", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": []}, {"bi": "benign-process-has-child", "hashes": ["978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "malware-dorkbot-mutex", "hashes": ["978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "cmd-exe-file-execution", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "unsigned-roaming-execution", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "process-hollowing-detected", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "pe-imports-toolhelp", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "feed-domain-banking", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": []}, {"bi": "dns-public-server-contacted", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "registry-hide-files", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "url-gate-php", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1489"]}, {"bi": "registry-disablesuac", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "registry-action-center-disabled", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "cta-match", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": []}, {"bi": "malware-chthonic-rat-detected", "hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "http-response-client-error", "hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "pe-resource-lang-russian", "hashes": ["0867ad414f997b7333faa9d3abe2e3f034f9bbf5c79edf68b5ebb4d9dda7c802"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "network-http-blank-user-agent", "hashes": ["c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "artifact-pe-reflective-loading", "hashes": ["c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "mitre_attack_tags": ["TA0005", "T1202"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Ruskill, also known as Dorkbot, is a botnet client aimed at stealing credentials and facilitating distributed denial-of-service (DDoS) attacks. It spreads via removable media and through instant messaging applications.", "hashes": ["0867ad414f997b7333faa9d3abe2e3f034f9bbf5c79edf68b5ebb4d9dda7c802", "0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "3fbf79c5ffa710664255c233905f6a6b4a55b4ba065db7e3e8f16dfe224459de", "7ebd2bae76df766323980e7a277ae0b47e3444c1a18d1abe1cb64c05d0490e9c", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0", "d50eb0825365855c4d4bd030c2a6b57e627533ca68d1fa00a05ea8fbd2157b80", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "iocs": {"domain": [{"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]ezjhyxxbf[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]hmiblgoja[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]yxntnyrap[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]vbemnggcj[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]yqqufklho[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]oceardpku[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]zhgcuntif[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]jupoofsnc[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]kvupdstwh[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "host": "n[.]aoyylwyxd[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a"], "host": "n[.]spgpemwqk[.]ru"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "host": "europe[.]pool[.]ntp[.]org"}, {"hashes": ["c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "host": "bot[.]whatismyipaddress[.]com"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "host": "nutr3inomiranda1[.]com"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "host": "nutr3inomiranda4[.]com"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "host": "nutr3inomiranda2[.]com"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "host": "nutr3inomiranda5[.]com"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "host": "nutr3inomiranda3[.]com"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "host": "api[.]wipmania[.]com"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "host": "n[.]jntbxduhz[.]ru"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "host": "n[.]lotys[.]ru"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "host": "nutqauytv5a1113xyzf115zzz4[.]com"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "host": "nutqauytva513xyzf11zzzzz0[.]com"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "host": "nutqauytva6213xyzf112zzz1[.]com"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "host": "nutqauytva1413xyzf114zzz3[.]com"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "host": "nutqauytva9133xyzf113zzz2[.]com"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "host": "n[.]zhjdwkpaz[.]ru"}, {"hashes": ["feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "host": "and30[.]blabladomdom[.]com"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667"], "host": "and19[.]amainwrorldnancy1[.]com"}], "file": [{"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "path": "%APPDATA%\\WindowsUpdate"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "\\$RECYCLE.BIN.lnk"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "%TEMP%\\c731200"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "%APPDATA%\\c731200"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "\\System_Volume_Information.lnk"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "\\jsdrpAj.exe"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "%APPDATA%\\Update\\Explorer.exe"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "%APPDATA%\\Update\\Update.exe"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "%APPDATA%\\WindowsUpdate\\Updater.exe"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "E:\\$RECYCLE.BIN.lnk"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "%APPDATA%\\Microsoft\\Windows\\themes\\Eoawaa.exe"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "E:\\System_Volume_Information.lnk"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "E:\\c731200"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "E:\\jsdrpAj.exe"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "path": "%APPDATA%\\Update"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "path": "%TEMP%\\temp41.tmp"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "path": "%APPDATA%\\WindowsUpdate\\Live.exe"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "path": "%TEMP%\\apiSoftCA"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "path": "%APPDATA%\\Windows Live"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "path": "%APPDATA%\\Windows Live\\debug_cache_dump_2384394.dmp"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "path": "%APPDATA%\\Windows Live\\pldufejsya.exe"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "path": "%ProgramData%\\msodtyzm.exe"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5", "d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "path": "%SystemRoot%\\kernel32.dll"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\Uxoioc.exe"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "path": "%SystemRoot%\\Tasks\\alFSVWJB.job"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "path": "%APPDATA%\\alFSVWJB\\hh.exe"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "path": "%APPDATA%\\alFSVWJB"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "path": "%APPDATA%\\Xl5jVVxcVWIx"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "path": "%System32%\\Tasks\\Xl5jVVxcVWIx"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "path": "%System32%\\Tasks\\alFSVWJB"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "path": "%SystemRoot%\\Tasks\\Xl5jVVxcVWIx.job"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "path": "%APPDATA%\\alFSVWJB\\splwow64.exe"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "path": "%APPDATA%\\Xl5jVVxcVWIx\\bfsvc.exe"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "path": "%TEMP%\\822339.exe"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667"], "path": "%ProgramData%\\2619203465"}, {"hashes": ["feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "path": "%ProgramData%\\2619188583"}], "ip": [{"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "ip": "204[.]95[.]99[.]243"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "ip": "162[.]217[.]99[.]134"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "ip": "104[.]215[.]148[.]63"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "ip": "104[.]42[.]225[.]122"}, {"hashes": ["c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "ip": "66[.]171[.]248[.]178"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "ip": "212[.]83[.]168[.]196"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "ip": "195[.]22[.]28[.]198"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "ip": "208[.]100[.]26[.]245"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "ip": "103[.]234[.]36[.]148"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "ip": "121[.]11[.]83[.]197"}, {"hashes": ["feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "ip": "131[.]211[.]8[.]244"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667"], "ip": "176[.]9[.]102[.]215"}, {"hashes": ["c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "ip": "95[.]165[.]168[.]168"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "ip": "35[.]205[.]61[.]67"}], "mutex": [{"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "name": "FvLQ49I\u007f\u203a\u00ac{Ljj6m"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "name": "c731200"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "name": "Xl5jVVxcVWIx"}, {"hashes": ["978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba"], "name": "1z2z3reas34534543233245x6"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "name": "SVCHOST_MUTEX_OBJECT_RELEASED_c0009X00GOAL"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "name": "SSLOADasdasc000900"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "name": "-9caf4c3fMutex"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f"], "name": "FvLQ49I   {Ljj6m"}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "name": "alFSVWJB"}, {"hashes": ["c853f03f54f344162f11ed6520ab121af5b8c6253b9f9d9277d1ff0fb1acc8e9"], "name": "{9E3C146B-9ECE-17D5-CF30-7364D9E21D36}"}], "registry": [{"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "BCSSync"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Eoawaa"}, {"hashes": ["1889effebe3a7f1407213329aad49b56bb1f3ecae8bfaf7b6849facea00f1c3f", "85abb6236217efedc745b2fde949ae33b02f77fb818716950df6098df2e23cd0", "a461ffa8940ba03f46df16259751f41c7d0d90a34453bfe285de55c9197c5155", "ab5600459af2afcd0c79f358718b283388cb3557f43bf04238d32b55f51cec6a", "aeb242d85750ddf79e0a4866d0b9be2e81906c63ecaf6311673b94ef5343fb5c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update Installer"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "key": "<HKCU>\\SOFTWARE\\UAZI SOFT", "value_name": "UaziVer"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Live Installer"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Windows Live"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Live"}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["389b78331f23a3387251866370bc4496ddd1ec318d0001b9b8035a6cf6af959a", "978cac42a8d2648e1cd547bd36be0bd201b2307c94351b8e27468e5d1a4d3fba", "bce6e5772c65106b04ffcd76362464dd3f9460371f42fbcf3eeb60987e457668", "d7a4696124e448bfa7c53840d90bad9731f1df9a382434c2f5f38af654e22655"], "key": "<HKCU>\\SOFTWARE\\UAZI SOFT", "value_name": null}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "1081297374"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "Load"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1081297374"}, {"hashes": ["ae0c673341c4c5cc427d9576f8048755f8f6d8429c251d01f8b9949d63731667", "feb57db90346fc97e9b285f7f242268b4ad4e81d4e6e5fcbb39eda0f64d581ce"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["d0c627268431282d4c33acd576f6bcc2e65d625f74da2f41e564137e41d7b5f0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "splwow64.exe"}, {"hashes": ["0a53aa6b252e373862493e0ade61d53faa706b041fd0ae091b667b92a1808bb5"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bfsvc.exe"}]}, "reports_count": 18}, "Win.Packed.Ursnif-9793771-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "cmd-exe-file-execution", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-resource-lang-russian", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "malware-ursnif-detected", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "malware-ursnif-bypass-check-detected", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "network-fast-flux-domain", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-http-blank-user-agent", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "files-deleted-used-batch", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "http-response-redirect", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "malware-compound-cta-activity", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119"]}, {"bi": "registry-large-data-entry", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "script-contains-url", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": []}, {"bi": "firefox-prefs-modified", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": ["TA0009"]}, {"bi": "malware-gozi-mutex", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": []}, {"bi": "enumeration-email-program-information", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1114"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "mitre_attack_tags": []}, {"bi": "files-created-batch", "hashes": ["4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3"], "mitre_attack_tags": ["TA0002", "T1064"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Ursnif is used to steal sensitive information from an infected host and can also act as a malware downloader. It is commonly spread through malicious emails or exploit kits.", "hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "iocs": {"domain": [{"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "host": "www[.]ietf[.]org"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "host": "trdsabstraction[.]info"}], "file": [{"hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "path": "%APPDATA%\\ds32mapi"}, {"hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "path": "%APPDATA%\\ds32mapi\\dhcpxva2.exe"}, {"hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "path": "%TEMP%\\<random, matching [A-F0-9]{3,4}>"}, {"hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "path": "%TEMP%\\<random, matching [A-F0-9]{3,4}\\[A-F0-9]{2,4}>.bat"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\prefs.js"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "path": "\\{4BC230AC-2EB3-B560-90AF-42B9C45396FD}"}, {"hashes": ["035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa"], "path": "%TEMP%\\11B0\\88D8.tmp"}, {"hashes": ["8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0"], "path": "%TEMP%\\DE32\\EF19.tmp"}, {"hashes": ["5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f"], "path": "%TEMP%\\E66\\8733.tmp"}, {"hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2"], "path": "%TEMP%\\E026\\F013.tmp"}, {"hashes": ["224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7"], "path": "%TEMP%\\FE02\\FF01.tmp"}, {"hashes": ["f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "path": "%TEMP%\\FA98\\FD4C.tmp"}, {"hashes": ["7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb"], "path": "%TEMP%\\7310\\B988.tmp"}, {"hashes": ["23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4"], "path": "%TEMP%\\DD96\\EECB.tmp"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a"], "path": "%TEMP%\\FC8A\\FE45.tmp"}, {"hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466"], "path": "%TEMP%\\F5B8\\FAEB.tmp"}, {"hashes": ["7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5"], "path": "%TEMP%\\71BA\\B8DD.tmp"}, {"hashes": ["605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047"], "path": "%TEMP%\\4472\\2239.tmp"}, {"hashes": ["8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5"], "path": "%TEMP%\\CD0\\8668.tmp"}, {"hashes": ["2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1"], "path": "%TEMP%\\4608\\2304.tmp"}], "ip": [{"hashes": ["224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9"], "ip": "104[.]16[.]45[.]99"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "ip": "104[.]16[.]44[.]99"}, {"hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5"], "ip": "204[.]79[.]197[.]200"}], "mutex": [{"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "name": "{<random GUID>}"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "name": "Local\\{57025AD2-CABB-A1F8-8C7B-9E6580DFB269}"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "name": "Local\\{7FD07DA6-D223-0971-D423-264D4807BAD1}"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "name": "Local\\{B1443895-5CF6-0B1E-EE75-506F02798413}"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "name": "{EF12DD09-8223-F98C-0493-D63D78776AC1}"}], "registry": [{"hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "appmmgmt"}, {"hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5", "value_name": "Install"}, {"hashes": ["025b1406c05c082cdfd4449136451fafbae0a578bd89882acd0a551a6d3cc2b2", "035714518e248530b031257a62a4bd9a8066e28277f223b2264151ba0dcb9cfa", "1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "23ed8b64ae6587371438f1f60c37dd3015d21d3e16e7391ad4ddd736986bf4a4", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "2ce4ca4579e0c6384f70d4d471451b9de976dbbabf2273bb04fcf360228617d3", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "4831d4c2543e27e164599bd88ca1ec9d9e8bd34a095e635c8d8c05a6c0399948", "570518b7a38943c0d5ca6af87051096235699c3d81eb6f473b7ce0257719d6e4", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "732706ada05b6f361c26720ac8849113a8cba7bd886db27dd3c60dfae3736b80", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8194ef8e918c5e9eb4a63ba6429b647e1a75f85e304d723f90fbecbbbd3132b0", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "b783e059eff33edde6a6be28b4db220f44a7718c0ff186cf5f65df298c2dae35", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "d43fcc82467726e27de171718f95ba5bf198d02c8bfd5bf8dab0da67530640c9", "ea2ba17ff3b4ad2066ced30a7d8d0025348e24f858b86658ccce5774269f52a1", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5", "value_name": null}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\IAM", "value_name": "Server ID"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5", "value_name": "Scr"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5", "value_name": "Temp"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5", "value_name": "Client"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5", "value_name": "{F50EA47E-D053-EF14-82F9-0493D63D7877}"}, {"hashes": ["1d0bcba0c91e94fb4e64ce98853b7f5392affc940c77b8c339d87893d74bfb5a", "224ed36aa31c2428abb59779b0dbbfbcae9a3df84ed960e09e9353ebba9172d7", "2503e31ca9c3e4ec6dc063aa9a1140b1303a9f66dd7b5b7140d5be9d235f6db1", "3c51529e11f3cff24bca191bb63e2100c0bbfb2d4aadf811eba7392378420450", "5cf36c582304c9551af42bf602b930ce37305512f15a6993c2085b44451d767f", "605a2b40806b1fad19321895150cf5506e4986812a39ac768209fc2dbec9d047", "7610203f9278087ff6c72f945e01f2881fe58bb21bb0148a6605db310396e8a5", "7981a3655c51c9af43baef37e26ae0705ac6bba4707d3e6f388032369ef40aeb", "8a346e3b7a4baf9e551acaaa2b9ad5b83677e0b363b7a24f3aa925eb7e3e98a5", "aa08751e0bcbfbf33376d5204bb76707a75a9155be508d10ffdcf79d75f2bafd", "bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466", "f2f64d0e363e61041580a6484fcd7031a7afc9862f860d0c9e594b746e82beb5"], "key": "<HKCU>\\SOFTWARE\\APPDATALOW\\SOFTWARE\\MICROSOFT\\D31CC7AF-167C-7D04-B8B7-AA016CDB7EC5", "value_name": "{6A4DAFE8-C11D-2C5C-9B3E-8520FF528954}"}, {"hashes": ["bd2fe3414b937a4c8aac6b2430b93e2435ff64908974dcb2b6b824fc41696466"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\\\PARAMETERS\\PORTKEYWORDS\\DHCP", "value_name": "Collection"}]}, "reports_count": 23}, "exprev": [{"count": 6479, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 2465, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 2213, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1739, "description": "Smoke Loader has been detected. Smokeloader is used mainly to execute other malicious software, like ransomware or cryptocurrency miners. Its initial infection vector is usually an email with a malicious Microsoft Word document or delivered through an exploit kit. Smokeloader uses various plugins designed to steal data from its victims, particularly credentials stored on the system or transfered over HTTP, HTTPS, FTP, SMTP, POP3 or IMAP.", "name": "Smoke Loader detected"}, {"count": 1073, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}, {"count": 1013, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 779, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 617, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 513, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 321, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 311, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 233, "description": "Command line options indicating usage of XMRig Miner have been detected. Malware sometimes uses compromised hosts to mine for cryptocurrency on behalf of the attacker.", "name": "XMRig Miner Detected"}, {"count": 194, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 111, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 74, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 59, "description": "Bluestacks adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Bluestacks adware detected"}, {"count": 22, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 20, "description": "Powershell.exe was detected attempting to inject code into notepad.exe. This is indicative of an attempt to hide malicious code in a notepad.exe process.", "name": "Powershell detected injecting into notepad.exe"}, {"count": 18, "description": "A process created a suspicious Atom, which is indicative of a known process injection technique called Atom Bombing. Atoms are Windows identifiers that associate a string with a 16-bit integer. These Atoms are accessible across processes when placed in the global Atom table. Malware exploits this by placing shell code as a global Atom, then accessing it through an Asynchronous Process Call (APC). A target process runs the APC function, which loads and runs the shellcode. The malware family Dridex is known to use Atom Bombing, but other threats may leverage it as well.", "name": "Atom Bombing code injection technique detected"}, {"count": 18, "description": "Tepfer malware has been detected. Tepfer is used to steal user data or download and execute additional programs. Stolen data can include FTP credentials, cloud storage service credentials, web browser cookies, and mail client data.", "name": "Tepfer detected"}, {"count": 17, "description": "An exploit payload intended to execute commands on an attacker controlled host using WinExec has been detected.", "name": "WinExec payload detected"}, {"count": 11, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 7, "description": "A malware dropper has been detected. A dropper will download or unpack addtional malware during it's execution. A variety of techniques can be employed for the payload to gain persistence and escalate privelege if neccessary.", "name": "Malware dropper detected"}, {"count": 5, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-11-20T17:03:59+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Packed.Ponystealer-9793711-1", "Win.Packed.Ursnif-9793771-1", "Win.Dropper.NetWire-9791538-0", "Win.Packed.Ruskill-9791575-1", "Win.Malware.Trickbot-9791619-0", "Win.Dropper.Lokibot-9791657-0", "Win.Dropper.TinyBanker-9791753-0", "Win.Dropper.Kuluoz-9791754-0"]}