{"Doc.Malware.Valyria-10004248-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181"], "mitre_attack_tags": []}, {"bi": "vba-document-open", "hashes": ["730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "document-contains-vba-macro", "hashes": ["730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181"], "mitre_attack_tags": ["TA0002", "TA0001", "T1559", "T1566"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "vba-document-uses-str-reverse", "hashes": ["730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "vba-creates-and-runs", "hashes": ["730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vba-document-calls-shell", "hashes": ["730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "vba-document-uses-filesystemobject", "hashes": ["730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181"], "mitre_attack_tags": ["TA0007", "TA0040", "T1083", "T1565"]}, {"bi": "vba-document-uses-file-exists", "hashes": ["730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181"], "mitre_attack_tags": ["TA0007", "T1083"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Valyria is a malicious Microsoft Word document family that is used to distribute other malware, such as Emotet.", "hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "iocs": {"domain": [], "file": [{"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRD0000.doc"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f"], "path": "%TEMP%\\tstCB.tmp"}, {"hashes": ["7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b"], "path": "%TEMP%\\tst8A.tmp"}], "ip": [], "mutex": [{"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "name": "Local\\10MU_ACB10_S-1-5-5-0-67863"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "name": "Local\\10MU_ACBPIDS_S-1-5-5-0-67863"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "name": "Local\\WinSpl64To32Mutex_10960_0_3000"}], "registry": [{"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Name"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Path"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Extensions"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Name"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Path"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Extensions"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Name"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Path"}, {"hashes": ["107479966d4b35898bdeb753a278f768f528f1c80c7f47b04e6edd03299213da", "1ba2125381e7bdead242b125c8738cd3f4f76461f49fbac4053ca16e485e4d98", "305ac4ccfa8247c18ee6d7438b0b827cd3438d577bd21d72c60c85b1b1f238a2", "3ed436702d2164ba3793c060aba4c59deb25a302937fbfe867b59f2f0500e9a7", "4995552476481e01376eb5cc12e37ae790901269426391a8858aa16e098188ed", "5d2587aa6f25a10fbd3b8fc785a45dba26e5af6e903be60c463260d9a23425e7", "6ff9a9af5fa5dfb6ef845bbf477c51f7f7f353a8a16db6934c30de79ce9e7816", "730bef2d9ab49edf6b7dd202eb53b9baf1d880e028c77a41bfc08624a28638a2", "78d2d231cd0148c921922c39f55567ef427a70be683d191b7bebebe4a33e6d1f", "7c9a7b2c38bd8cb013dbd0afa4dc04ed18192b446adce9b90f91e5a9fa63416b", "a16d9ce88f407d4b6206b8e2247cc34c1c06024ccae288cddffd538bccc0e4cd", "a451ede4494e70fc141fb41bab361e09a38999d2bc5d0892998b4776cea917e1", "c3544f8a454aa3e1607c27daf1e066f6a46b6ab825732b1cd5b91f03613dc299", "e18c7e50298f4d2376d4717b47c40d5cc1dc0420e067b689b2f2e89780de2212", "e46ed5ef523d86713e96e26c59bfcb74e3827088d99789f03cac8a994648d181", "ffaea1038257ef5cbdc371fecd200670002bf68e278130c3dba13476d61d2f02"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Extensions"}]}, "reports_count": 16}, "Win.Dropper.Ap0calypseRAT-10004380-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0215d4876a89e1e97d9d16fcb8d4293b70874e880da2a790324f4ba1c89fa677", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0215d4876a89e1e97d9d16fcb8d4293b70874e880da2a790324f4ba1c89fa677", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0215d4876a89e1e97d9d16fcb8d4293b70874e880da2a790324f4ba1c89fa677", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0215d4876a89e1e97d9d16fcb8d4293b70874e880da2a790324f4ba1c89fa677", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0215d4876a89e1e97d9d16fcb8d4293b70874e880da2a790324f4ba1c89fa677", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-no-dos", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0215d4876a89e1e97d9d16fcb8d4293b70874e880da2a790324f4ba1c89fa677", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "registry-autorun-key-modified", "hashes": ["df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316"], "mitre_attack_tags": ["TA0003"]}, {"bi": "pe-tls-callback", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-spanish", "hashes": ["cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-ap0calypserat-path-detected", "hashes": ["ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-hollowing-detected", "hashes": ["cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-numofsymbols", "hashes": ["cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "mitre_attack_tags": []}, {"bi": "artifact-dotnet-user-settings", "hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "unsigned-roaming-execution", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "windows-firewall-modification", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "file-ini-modified", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0003"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "fake-explorer-process", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "process-requested-file-external-drive", "hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "hook-installed", "hashes": ["b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-section-shared", "hashes": ["b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-trojan-xtreme-rat-registry-key", "hashes": ["b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Ap0calypseRAT is a Remote Access Trojan (RAT) that has many capabilities including arbitrary command execution, keylogging, remote desktop access and file exfiltration. This RAT has shown up periodically on underground forums and has been seen as an additional payload dropped by other malware families.", "hashes": ["0215d4876a89e1e97d9d16fcb8d4293b70874e880da2a790324f4ba1c89fa677", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf"], "iocs": {"domain": [{"hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "host": "smtp[.]gmail[.]com"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "host": "irc[.]yetcar[.]com"}], "file": [{"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\699c4b9cdebca7aaea5193cae8a50098_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf"], "path": "%TEMP%\\FileTmp.exe"}, {"hashes": ["4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1"], "path": "%APPDATA%\\chrtmp"}, {"hashes": ["794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf"], "path": "%SystemRoot%\\SysWOW64\\krsr"}, {"hashes": ["794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf"], "path": "%SystemRoot%\\SysWOW64\\krsr\\smss.exe"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "path": "%SystemRoot%\\apocalyps32.exe"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "path": "\\TEMP\\htm.htm"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "\\autorun.inf"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "\\DFGDFJJJJDFJDFJGFDJTURTURUTJJF\\DFG-2352-26235-2322322-624621221-2622255\\Desktop.ini"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "\\DFGDFJJJJDFJDFJGFDJTURTURUTJJF\\DFG-2352-26235-2322322-624621221-2622255\\usbBlock.exe"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "E:\\autorun.inf"}, {"hashes": ["b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285"], "path": "%TEMP%\\x.html"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "%APPDATA%\\explorer.exe"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "%TEMP%\\google_cache2.tmp"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "E:\\DFGDFJJJJDFJDFJGFDJTURTURUTJJF"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "E:\\DFGDFJJJJDFJDFJGFDJTURTURUTJJF\\DFG-2352-26235-2322322-624621221-2622255"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "E:\\DFGDFJJJJDFJDFJGFDJTURTURUTJJF\\DFG-2352-26235-2322322-624621221-2622255\\Desktop.ini"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "path": "E:\\DFGDFJJJJDFJDFJGFDJTURTURUTJJF\\DFG-2352-26235-2322322-624621221-2622255\\usbBlock.exe"}, {"hashes": ["df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998"], "path": "%SystemRoot%\\SysWOW64\\krsr\\resim.jpg"}, {"hashes": ["cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\02fc8fb78d4f7516019d9a99eaf6a46d_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "path": "%LOCALAPPDATA%\\MicrosoftWindows"}, {"hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "path": "%HOMEPATH%\\Desktop\\FileTmp.exe"}], "ip": [{"hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "ip": "142[.]251[.]16[.]108"}], "mutex": [{"hashes": ["b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285"], "name": "4564654651321321231465245645645641231234"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "name": "461231231232343F4CCJFJF"}], "registry": [{"hashes": ["0215d4876a89e1e97d9d16fcb8d4293b70874e880da2a790324f4ba1c89fa677", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PRODUCTNAME", "value_name": null}, {"hashes": ["0215d4876a89e1e97d9d16fcb8d4293b70874e880da2a790324f4ba1c89fa677", "0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef", "0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1", "4094a534c91356eb309950a2af41a71fa0946d0cd7805317add9301dff1a7c66", "4dc3b2af98444125472257b2f71757780e397aedb40d3bc2bef6e802f51c8fdb", "6c859987613e72c57035cfd1366c9459e3a9aab7c91ccdf1f62f72147b3403e1", "794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "8575e16b50af09d45f8c41e53b6536e09eb9afbc8b64f28d53099e13a7e0a185", "b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8", "cfa8b22f7a6fa856dbd0dc0b7e65f3158aaffa6f5250d56c3359a492ca1ab5b1", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\PRODUCTNAME\\PRODUCTID", "value_name": null}, {"hashes": ["794e30e6c7ee69b90c7c11604894960b12d6e91c9beae00b6eb8afec385a13f3", "d71388aa0d24fe340538c4e5afb0a31fc9d0d6e2e1d5a00f593b01c08080d636", "df7a53b1caffc0b468a6d50e0e0e2702493ef0b6eb301f8056df68ecf77d0998", "eaab6cf6107294be0dcfa7e7b613f958292b44fcd81ab8cf0689ef8046691bbf"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "smss.exe"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Grup"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Ad"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Sifre"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Delay"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "MsgGoster"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Metin"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Baslik"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Buton"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Icon"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Bindir"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Dosyalar"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Mutex"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Baslangic"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Anahtar"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "YuklenenDizin"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "ProgramAdi"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "ActiveX"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Injecsiyon"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Persistent"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "UserMode"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "KernelMode"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "SafeMode"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Offline"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Melt"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "OlderDate"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "DisableSafeMode"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Hidden"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "System"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Archive"}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": null}, {"hashes": ["0fafb3b24927a122e09d985b46892183525e8d2761a9664bd6c315077b8426e3", "ccb3df8c3b9282df23439b28521c55a02d6dbb26c5335649f5665a2c008fd316", "ce16cc3411128c2468e8aa4243e06966f13a1bc2d2e1e095cee27385e90793e8"], "key": "<HKCU>\\SOFTWARE\\APOCALYPS32", "value_name": "Baglantilar"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": null}, {"hashes": ["b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285"], "key": "<HKCU>\\SOFTWARE\\XTREMERAT", "value_name": null}, {"hashes": ["b2d844009088d53d786216d0e2fa7cae6f78e1c5bc0bbd13dde45793d768c285"], "key": "<HKCU>\\SOFTWARE\\XTREMERAT", "value_name": "Mutex"}, {"hashes": ["22935e7dd6dcac90dcb7bd7c8673d698cf0d9ce1ba17e9521972e6cab3108ba1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "aaa"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WindowsUpdate"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WindowsUpdate"}, {"hashes": ["0c280a807d5204b88c7b97a0e340dcb7ff02dbfd6624cc604810c827b19bf6ef"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "WindowsUpdate"}]}, "reports_count": 16}, "Win.Dropper.Kuluoz-10004513-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "malware-kuluoz-mutex", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-numeric-ip", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-snort-server", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": []}, {"bi": "malware-asprox-url-pattern-old", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": []}, {"bi": "html-page-not-found", "hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kuluoz, sometimes known as \"Asprox,\" is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.", "hashes": ["04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "iocs": {"domain": [], "file": [{"hashes": ["04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "path": "%LOCALAPPDATA%\\<random, matching '[a-z]{8}'>.exe"}], "ip": [{"hashes": ["04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "ip": "78[.]157[.]209[.]228"}, {"hashes": ["04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "ip": "85[.]25[.]108[.]164"}, {"hashes": ["04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd"], "ip": "94[.]23[.]84[.]94"}, {"hashes": ["04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "ip": "94[.]32[.]66[.]56"}, {"hashes": ["0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6"], "ip": "177[.]87[.]64[.]25"}, {"hashes": ["34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14"], "ip": "109[.]169[.]46[.]59"}, {"hashes": ["04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "ip": "176[.]31[.]110[.]165"}, {"hashes": ["13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb"], "ip": "91[.]121[.]98[.]60"}], "mutex": [{"hashes": ["04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "name": "2GVWNQJz1"}], "registry": [{"hashes": ["04be2d1165429f6a1fc8217db32e549eeeb54983aa4c44f26e1147d054d954e1", "0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4", "13f0e1860121210bdcfd59887053156fee80c0e7e61ad1b2109a3ca027060ef5", "161dd94d902139168107ee72aa66fc2bb00ecbe72a9ea3a2645a2e5f3edb43bc", "1c5e6a11a293501d1bd41d302a7cbde8e8efc67916e4a063a5757f476190c48f", "31c10bfe9039675974640b3404fbbdccf660bbef3319ed011766f4e7e2dc6d48", "34861226330e4af50b8e03f6e9d8457ff1d1c9a7d3eeb1fc930a9f70a315dd54", "360e964ae4aaf043ea27780f20ab266bf55470e3d58fa20550c9f2c520823fbe", "42657321367294c31f060614894a0f13b1f38613cf3e013c94a835496e86a537", "45bedf4f08cc21eb94088a7ebd942915d8e3f834d0632cfb9264d92228c8a4f1", "47ea467e5da54049ec9c40d2173a97fb87dae67546faba7dce0631ad88fa3fa9", "47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714", "6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5", "75ed32ca3cc84d402a91fb13088ac3421917d427efb55bf2442b71f6dfd6a398", "7ef5f3c744b456b04c79e14c5923a7cfbc3894f14a473a564d843dce62293b5a", "86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a", "92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1", "95528ad474a06ae5c23200fac691561cae115466dd07e7f60cb5e9bf667443f5", "97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd", "9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87", "a23c17fe1c893ac18bcc2d524adc6b8be07ee6ed2277701d2b43a1681ba60a29", "a3a34b395a54043f247e09b8f6656ed66c74c6d02735e49a87e118749a1daa37", "ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5", "ae08cd70435a6eacc7097babc6c26ecae3484bf8ca73ac1ae4f8078eef69d017", "ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4", "b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56", "b917589fa6394de51e2d957d056a2ad3bbe98008b7c0d80dfc34a9ef899ab7b6", "c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b", "c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486", "c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c", "d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331", "d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8", "d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195", "e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05", "e518df8e99ed5120dc21b215830872d164c361f772382e17054ad7e1c03b7749", "ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a", "ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4", "ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd", "f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb", "fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6", "fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea", "fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14", "fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "key": "<HKCU>\\SOFTWARE\\<random, matching '[a-zA-Z0-9]{5,9}'>", "value_name": null}, {"hashes": ["86497472773d474e05b8ecccc82dfd17d7a4ad6c38e6911d03d6956aedadd49a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ewdtednn"}, {"hashes": ["9f8eaa58bddf52d4ebc3603f00b6b19d76fe5ae486a308ac7d21330486fa0f87"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "kfgsdpdv"}, {"hashes": ["c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486"], "key": "<HKCU>\\SOFTWARE\\XLWVBVLN", "value_name": "xtxmwque"}, {"hashes": ["ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4"], "key": "<HKCU>\\SOFTWARE\\ERIUEKCR", "value_name": "dwpjqlpa"}, {"hashes": ["6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5"], "key": "<HKCU>\\SOFTWARE\\FKGDWLFC", "value_name": "btcgqtxv"}, {"hashes": ["c415ce187918b1d143e3ab99aea5c5db4464cc913baaffeef69ae8813a708486"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "pwjcpvtg"}, {"hashes": ["47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714"], "key": "<HKCU>\\SOFTWARE\\TRDDWSJW", "value_name": "hkwogctf"}, {"hashes": ["ae622c4057b66fb39cc1a341f50ceaaa7146fe4c1e06d0d6e316547cff821da4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "lwrnfwdh"}, {"hashes": ["6ceeb2ab8b3d41fb927e0ffdcada6da07cac54124cdb8f0c9de15553a4254af5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "btomjvqp"}, {"hashes": ["c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b"], "key": "<HKCU>\\SOFTWARE\\BUGITDDP", "value_name": "txxsdgjg"}, {"hashes": ["47f9eabe7f83bbce4b0d52282ba627f678ecc48604201101f7650ecc72a3b714"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "doviudox"}, {"hashes": ["c3087f4ebef7aa5ac5b209399a4a45e4e5988da2e5124f3967f2b765b736ce6b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tuqsrtec"}, {"hashes": ["fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "key": "<HKCU>\\SOFTWARE\\EOBOTIUK", "value_name": "ulgvwopi"}, {"hashes": ["97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd"], "key": "<HKCU>\\SOFTWARE\\PILXJFXK", "value_name": "ktkriwfo"}, {"hashes": ["fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea"], "key": "<HKCU>\\SOFTWARE\\IDCCIMKF", "value_name": "tmumianw"}, {"hashes": ["fe89c0424531961faa0bbc70a6171467ed0ed881affa7d0f0fe9b1ea670953d9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "lwkqralw"}, {"hashes": ["97fc7992ceecb79f0e43c702fc69a564941b9c909ffd422a7af6a8d1c575ffdd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "vuemrbob"}, {"hashes": ["fa94f3c28c812bdfd6ae0f7d130657ba242227de07d152fa8174a611ab7f70ea"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rssaalxp"}, {"hashes": ["ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a"], "key": "<HKCU>\\SOFTWARE\\EFOKESHU", "value_name": "xulsnjws"}, {"hashes": ["ee96aa3c71a991cf1f87f2eff4db5f6a7f7d44a2f69970b82c8feab31449f64a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fllgmrwq"}, {"hashes": ["ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4"], "key": "<HKCU>\\SOFTWARE\\GIEJFQCE", "value_name": "iuqwifxx"}, {"hashes": ["ef1f2c2a59ed193e1642da066d32b639fd810fb2950bbff8bf2fde379213ddc4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "toqdahjd"}, {"hashes": ["92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1"], "key": "<HKCU>\\SOFTWARE\\ELNQDQUF", "value_name": "uhvnsbhc"}, {"hashes": ["92f407eb8a0b4562acd7f1c27c86ed365b37c37bbc2fda343efd0fe22ea73bd1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "vtjkaseh"}, {"hashes": ["fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14"], "key": "<HKCU>\\SOFTWARE\\FGAKVLJI", "value_name": "ndviueux"}, {"hashes": ["c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c"], "key": "<HKCU>\\SOFTWARE\\MGGRHVLS", "value_name": "nqubmqqa"}, {"hashes": ["fe3b45f030a03252dc6724682bb3620906fe41459a870ae0699b3b4abf1b9b14"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ttxmgajl"}, {"hashes": ["c7b65cca4f914602da625cdc2b73f558a9eae8d8868093b34374e86122487c9c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "qgpotmni"}, {"hashes": ["f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb"], "key": "<HKCU>\\SOFTWARE\\PPQVOQTP", "value_name": "fspllxxp"}, {"hashes": ["0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4"], "key": "<HKCU>\\SOFTWARE\\GDOQEVIE", "value_name": "mbrkrmaj"}, {"hashes": ["f98fe265e3d49a10212f8f844677cb71fcbe73dd28fcad5ade1bbdf4a8c5e8cb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "abniafde"}, {"hashes": ["0672e260b9febfd47b8536c8cd17866dc5cad82fbd9acf6778225c69617f8df4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "lxwktfho"}, {"hashes": ["b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56"], "key": "<HKCU>\\SOFTWARE\\BNMBMHAM", "value_name": "dukjeklm"}, {"hashes": ["ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5"], "key": "<HKCU>\\SOFTWARE\\IRHXBTBC", "value_name": "fohvpwdq"}, {"hashes": ["b114b13753a82d5d8330aea8c16febddd0522f611d656c71364ea2d1a7403a56"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "lxpvljfd"}, {"hashes": ["ac097abc44ceac4f6f0b6a33e876a76284a9aad676ce924bda277925b3f12bf5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ojspwsvf"}, {"hashes": ["e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05"], "key": "<HKCU>\\SOFTWARE\\QQLINHFT", "value_name": "tghfkpfq"}, {"hashes": ["d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331"], "key": "<HKCU>\\SOFTWARE\\GDVAPEPP", "value_name": "ihsnwfvi"}, {"hashes": ["ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd"], "key": "<HKCU>\\SOFTWARE\\WUKHPXSA", "value_name": "wlurnovk"}, {"hashes": ["e334b50021bbd95aaa65afa523105fe8652ff83475cef4de394da01420187a05"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mavbfgfo"}, {"hashes": ["d035d109efdd781d1890618914a1281b4d5a53d6fc67179f38b1acb7caedf331"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hxgarlne"}, {"hashes": ["ef90c5171cfd9c48b209ca4ffa40b803c1597aece9defa3c3c56dac3a066cafd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "oxgasvxs"}, {"hashes": ["fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6"], "key": "<HKCU>\\SOFTWARE\\PNPUBVIB", "value_name": "vfeaqwqp"}, {"hashes": ["fa542639728c094c868b5689c28d21abcfc535f8b6be37c2aebe24d4d2a602a6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "okqwwvhf"}, {"hashes": ["d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8"], "key": "<HKCU>\\SOFTWARE\\VTWMCTBA", "value_name": "xwajijuf"}, {"hashes": ["d092ca0f68c891c6f6a92c70726af55251067c61505c64937c0630281a6aeda8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "btclgwql"}, {"hashes": ["d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195"], "key": "<HKCU>\\SOFTWARE\\JFVOSROT", "value_name": "vkotfxxk"}, {"hashes": ["d91908bf280f559b2ff54c1a8218d7fe90f9d9a890d80bfb747e47fafae92195"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fqxwdfdn"}]}, "reports_count": 43}, "Win.Dropper.Zeus-10004541-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["8dd6322a5fca13c5888901c97e995a61cd55d43c695c423bc7cb9fbeea67a14a", "c64bc76836aa66b5602911eb766d82a70f2d503a3df88907c453dfa783eb4621", "0eae875ca8ee8ea1875cab7a5d0e3c9c7af1a402cb978503c794453b613e614c", "37af0d523354241a0e0c39786f158e24c17f394d3211fcc0f7a3422e85823518", "2e1b0cdae24a711bbf07934bcef5d729c984cc4d075d7a88334f2a434d09cd72", "de6d74aba65daf28da4d18c0ea604a6919ffdd9c59beb07f9aa159b8d74cc8f4", "61d04496b6765bd8adc5e5d6beaacdec45a943e55d8eb5566331829815aae8de", "6d8f1d0bbf470a12b700813c309e7b1c641667be9ee4d07ddc5b9670e147e797", "eff388de6e2e104e64d0d28fe61837afd2cf053ddb3ca40d8ad5ed6654570d9c", "5ac479b9b3acc452dfe29c18a06ed5dfca8844ef7dbdf695a215a7b9316d6d95", "60fd5cbf3e51f74d45c4821043e303d6c4f6b1e108c3fab7049a7f361bbffd46", "903ed73feb1f20767ab7032f389e1595fe91c3cad364d53e8386ee86c14776ff", "ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef", "23ec2f58279589e488b31acbe11616e9330e797478153693f830b89d22acd7d3", "6ff603ff02897c372646410cc8e3b62a2759d333d469ca3c6b0a88c5829a2796"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8dd6322a5fca13c5888901c97e995a61cd55d43c695c423bc7cb9fbeea67a14a", "c64bc76836aa66b5602911eb766d82a70f2d503a3df88907c453dfa783eb4621", "0eae875ca8ee8ea1875cab7a5d0e3c9c7af1a402cb978503c794453b613e614c", "37af0d523354241a0e0c39786f158e24c17f394d3211fcc0f7a3422e85823518", "2e1b0cdae24a711bbf07934bcef5d729c984cc4d075d7a88334f2a434d09cd72", "de6d74aba65daf28da4d18c0ea604a6919ffdd9c59beb07f9aa159b8d74cc8f4", "61d04496b6765bd8adc5e5d6beaacdec45a943e55d8eb5566331829815aae8de", "6d8f1d0bbf470a12b700813c309e7b1c641667be9ee4d07ddc5b9670e147e797", "eff388de6e2e104e64d0d28fe61837afd2cf053ddb3ca40d8ad5ed6654570d9c", "5ac479b9b3acc452dfe29c18a06ed5dfca8844ef7dbdf695a215a7b9316d6d95", "60fd5cbf3e51f74d45c4821043e303d6c4f6b1e108c3fab7049a7f361bbffd46", "903ed73feb1f20767ab7032f389e1595fe91c3cad364d53e8386ee86c14776ff", "ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef", "23ec2f58279589e488b31acbe11616e9330e797478153693f830b89d22acd7d3", "6ff603ff02897c372646410cc8e3b62a2759d333d469ca3c6b0a88c5829a2796"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["8dd6322a5fca13c5888901c97e995a61cd55d43c695c423bc7cb9fbeea67a14a", "c64bc76836aa66b5602911eb766d82a70f2d503a3df88907c453dfa783eb4621", "0eae875ca8ee8ea1875cab7a5d0e3c9c7af1a402cb978503c794453b613e614c", "37af0d523354241a0e0c39786f158e24c17f394d3211fcc0f7a3422e85823518", "2e1b0cdae24a711bbf07934bcef5d729c984cc4d075d7a88334f2a434d09cd72", "de6d74aba65daf28da4d18c0ea604a6919ffdd9c59beb07f9aa159b8d74cc8f4", "61d04496b6765bd8adc5e5d6beaacdec45a943e55d8eb5566331829815aae8de", "6d8f1d0bbf470a12b700813c309e7b1c641667be9ee4d07ddc5b9670e147e797", "eff388de6e2e104e64d0d28fe61837afd2cf053ddb3ca40d8ad5ed6654570d9c", "5ac479b9b3acc452dfe29c18a06ed5dfca8844ef7dbdf695a215a7b9316d6d95", "60fd5cbf3e51f74d45c4821043e303d6c4f6b1e108c3fab7049a7f361bbffd46", "903ed73feb1f20767ab7032f389e1595fe91c3cad364d53e8386ee86c14776ff", "ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef", "23ec2f58279589e488b31acbe11616e9330e797478153693f830b89d22acd7d3", "6ff603ff02897c372646410cc8e3b62a2759d333d469ca3c6b0a88c5829a2796"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "dns-query-nxdomain", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "network-dns-category-phishing", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-known-trojan-av", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-deleted-used-batch", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-resource-lang-russian", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "files-created-batch", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-dns-safe-categories", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-spanish", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-zeus-variant-detected", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}, {"bi": "eml-same-sender-recipient", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "enumeration-email-program-information", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "outlook-express-com-server", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0009", "TA0003", "TA0004", "T1114", "T1546"]}, {"bi": "eml-link", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "eml-mismatched-name-to-header", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zeus is a trojan that steals information such as banking credentials using methods such as key-logging and form-grabbing.", "hashes": ["0eae875ca8ee8ea1875cab7a5d0e3c9c7af1a402cb978503c794453b613e614c", "23ec2f58279589e488b31acbe11616e9330e797478153693f830b89d22acd7d3", "2e1b0cdae24a711bbf07934bcef5d729c984cc4d075d7a88334f2a434d09cd72", "37af0d523354241a0e0c39786f158e24c17f394d3211fcc0f7a3422e85823518", "5ac479b9b3acc452dfe29c18a06ed5dfca8844ef7dbdf695a215a7b9316d6d95", "60fd5cbf3e51f74d45c4821043e303d6c4f6b1e108c3fab7049a7f361bbffd46", "61d04496b6765bd8adc5e5d6beaacdec45a943e55d8eb5566331829815aae8de", "6d8f1d0bbf470a12b700813c309e7b1c641667be9ee4d07ddc5b9670e147e797", "6ff603ff02897c372646410cc8e3b62a2759d333d469ca3c6b0a88c5829a2796", "8dd6322a5fca13c5888901c97e995a61cd55d43c695c423bc7cb9fbeea67a14a", "903ed73feb1f20767ab7032f389e1595fe91c3cad364d53e8386ee86c14776ff", "c64bc76836aa66b5602911eb766d82a70f2d503a3df88907c453dfa783eb4621", "ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef", "de6d74aba65daf28da4d18c0ea604a6919ffdd9c59beb07f9aa159b8d74cc8f4", "eff388de6e2e104e64d0d28fe61837afd2cf053ddb3ca40d8ad5ed6654570d9c"], "iocs": {"domain": [{"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "host": "unchangedantivirus[.]com"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "host": "uhgnc43fgjl82309dfg99df1[.]com"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "host": "uhgnc44fgjl82509dfg90df[.]com"}], "file": [{"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "path": "%APPDATA%\\Noalxe\\ocses.ukk"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "path": "%TEMP%\\tmpa0a62141.bat"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "path": "%APPDATA%\\Noalxe"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "path": "%APPDATA%\\Pysiha"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "path": "%APPDATA%\\Pysiha\\orisv.exe"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "path": "%APPDATA%\\Yrnin"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "path": "%APPDATA%\\Yrnin\\rogi.aqt"}], "ip": [], "mutex": [{"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "name": "Local\\{<random GUID>}"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "name": "GLOBAL\\{<random GUID>}"}], "registry": [{"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PRIVACY", "value_name": "CleanCookies"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Idugibufy"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\TAID", "value_name": "Keewabanr"}, {"hashes": ["ce06e1e2b1b89ad5e98499910d0e4151ccf49fb6c806b1f13e28551c1ca58aef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\TAID", "value_name": null}]}, "reports_count": 15}, "Win.Packed.Nanocore-10004398-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-dot-net", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-header-linker-major", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-future", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "sc-service-stop-windefend", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "created-executable-sample-appdata", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "artifact-windows-task", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-read", "hashes": ["9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "malware-generic-infostealer", "hashes": ["9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "network-fast-flux-domain", "hashes": ["9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-key-modified", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-check-zone-identifier", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "firefox-cookie-read", "hashes": ["7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "feed-public-ip-check-dns", "hashes": ["7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326"], "mitre_attack_tags": []}, {"bi": "network-telegram-domain-detected", "hashes": ["7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-opendns-malicious", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "schtask-forcefully-created", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-program-dir", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "dotnet-malicious-assembly-name", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7"], "mitre_attack_tags": []}, {"bi": "process-created-executable-autorun", "hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-communications-smtp", "hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-attachment", "hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "eml-same-sender-recipient", "hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Nanocore is a .NET remote access trojan. Its source code has been leaked several times, making it widely available. Like other RATs, it allows full control of the system, including recording video and audio, stealing passwords, downloading files and recording keystrokes.", "hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "8b6d1769bdcbfe25f0fb3e1cd47b99e71d8dbecd010c0e1456529f43d4a0a8c4", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "ba9882d95e3ae22ec4ed90535f81b6396a259a5e1ea940cec487b4b1d6ff9e41", "c5c46c7bdb0a6a9db80a1b2393a2d2dcb2cc497f678779c3aac38b2b0db3f80c", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "iocs": {"domain": [{"hashes": ["5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883"], "host": "api[.]ipify[.]org"}, {"hashes": ["7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "host": "api[.]telegram[.]org"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "host": "december2nd[.]ddns[.]net"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "host": "december2n[.]duckdns[.]org"}, {"hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "host": "smtp[.]joycepackglobal[.]com"}], "file": [{"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%System32%\\Tasks\\Updates"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f", "3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c", "3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d", "6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7", "d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326"], "path": "%APPDATA%\\uqlXk"}, {"hashes": ["5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326"], "path": "%APPDATA%\\uqlXk\\uqlXk.exe"}, {"hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f"], "path": "%APPDATA%\\OuInyVb.exe"}, {"hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f"], "path": "%System32%\\Tasks\\Updates\\OuInyVb"}, {"hashes": ["3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d"], "path": "%APPDATA%\\XkYmbRyk.exe"}, {"hashes": ["3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d"], "path": "%System32%\\Tasks\\Updates\\XkYmbRyk"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b"], "path": "%APPDATA%\\mCAZjSlOqEdVo.exe"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b"], "path": "%System32%\\Tasks\\Updates\\mCAZjSlOqEdVo"}, {"hashes": ["7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218"], "path": "%APPDATA%\\w3jtb4ed.rph\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa"], "path": "%APPDATA%\\bCaWJAu.exe"}, {"hashes": ["6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa"], "path": "%System32%\\Tasks\\Updates\\bCaWJAu"}, {"hashes": ["7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218"], "path": "%APPDATA%\\vJyKicblmfOPOF.exe"}, {"hashes": ["7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218"], "path": "%System32%\\Tasks\\Updates\\vJyKicblmfOPOF"}, {"hashes": ["3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c"], "path": "%APPDATA%\\drltEKUBys.exe"}, {"hashes": ["3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c"], "path": "%System32%\\Tasks\\Updates\\drltEKUBys"}, {"hashes": ["caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7"], "path": "%APPDATA%\\WYGVYkHrmOch.exe"}, {"hashes": ["caf3bf03258eea3f9dc186324f276796170edb45560f68226ef651190a18f5b7"], "path": "%System32%\\Tasks\\Updates\\WYGVYkHrmOch"}, {"hashes": ["7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326"], "path": "%APPDATA%\\c22ysi4a.now\\Firefox\\Profiles\\1lcuq8ab.default"}, {"hashes": ["7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326"], "path": "%APPDATA%\\c22ysi4a.now\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571"], "path": "%APPDATA%\\EYLkmBNhw.exe"}, {"hashes": ["d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571"], "path": "%System32%\\Tasks\\Updates\\EYLkmBNhw"}, {"hashes": ["f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%APPDATA%\\borNtC.exe"}, {"hashes": ["f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "path": "%System32%\\Tasks\\Updates\\borNtC"}, {"hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "path": "%APPDATA%\\gintcrx4.1xs"}, {"hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "path": "%APPDATA%\\gintcrx4.1xs\\Firefox"}, {"hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "path": "%APPDATA%\\gintcrx4.1xs\\Firefox\\Profiles"}, {"hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "path": "%APPDATA%\\gintcrx4.1xs\\Firefox\\Profiles\\1lcuq8ab.default"}, {"hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "path": "%APPDATA%\\gintcrx4.1xs\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "path": "%APPDATA%\\pUcoopDtE.exe"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "path": "%APPDATA%\\n01b4flf.en2"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "path": "%APPDATA%\\n01b4flf.en2\\Firefox"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "path": "%APPDATA%\\n01b4flf.en2\\Firefox\\Profiles"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "path": "%APPDATA%\\n01b4flf.en2\\Firefox\\Profiles\\1lcuq8ab.default"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "path": "%APPDATA%\\n01b4flf.en2\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "path": "%APPDATA%\\zfftgT"}, {"hashes": ["b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "path": "%System32%\\Tasks\\Updates\\pUcoopDtE"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "path": "%APPDATA%\\zfftgT\\zfftgT.exe"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "path": "%APPDATA%\\nbXLPqxkBDPp.exe"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "path": "%System32%\\Tasks\\Updates\\nbXLPqxkBDPp"}], "ip": [{"hashes": ["7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "ip": "149[.]154[.]167[.]220"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "ip": "192[.]169[.]69[.]26"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "ip": "212[.]193[.]30[.]230"}, {"hashes": ["6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa", "7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218", "9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883"], "ip": "64[.]185[.]227[.]155"}, {"hashes": ["5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "ip": "104[.]237[.]62[.]211"}, {"hashes": ["7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326"], "ip": "173[.]231[.]16[.]76"}, {"hashes": ["d26c2932bf50586ecc8c7f9df6d07116f7bea135ab4ebd51ce0dccf0d48b640e"], "ip": "199[.]188[.]205[.]55"}], "mutex": [{"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "name": "Global\\{72ec1ea3-16bf-4e76-a7cf-15ed5e2a0279}"}, {"hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f"], "name": "KN-B-3-EU54G0CZ0"}, {"hashes": ["16ef953132f6f51c904ccd3e04c933c20110c1dcbab443059df7218392291d5f"], "name": "ZGDBwvZGELZLRCPChpvbfrWD"}, {"hashes": ["3f5edf6f921e14f2640763e7178c2646a2131df0f8f447ae59100f3110939d9d"], "name": "wSloCryfIXeX"}, {"hashes": ["9e3dd1cab3bb5c9980d75079dd5525cf724e0e496bf6fd7db27bf8124506b883"], "name": "AbaRaIBjYcRU"}, {"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b"], "name": "DKSNfcypnrJXzjQjnZkRUIeIcus"}, {"hashes": ["6fa4a794d4d0968b2aa5aa59739952e3d45f44d8a9cc73c75c138fcb789914fa"], "name": "rtTbzYl"}, {"hashes": ["7f9b57c29724dc1ff00b7760dcce1e38bf94335a2e44393882b276205f7ed218"], "name": "iixYkwOUaWaDXPy"}, {"hashes": ["3e7d7ffec0914a65f010b8a994fe91efa814e2e2a99ba5e6d349aa0b6aa4a19c"], "name": "tPTDaoIJnJFZnITdQgYpOTvc"}, {"hashes": ["d547ab6d0b28d86c32e3d981adc3c5476797c58a6a684a45c3ee0a74847fb571"], "name": "yCLOiDYWs"}, {"hashes": ["f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "name": "NeczCEHFGCL"}, {"hashes": ["b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984"], "name": "CfXwBOmH"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "name": "pixAspxhe"}], "registry": [{"hashes": ["097d71f426327cb3ffb6f83f5751a9a81dd7e8ad0a854f66882f7de1c572a34b", "b0664bf756d2e493d222fc3e52f2ae50e9a1b29582ad345979e76695442ff984", "f17c5f11699824e0256b4b0b8ac64a97bf0ba7545e9149cf5f3b0e7f10cc4828"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["5bed2e9d405ecb76915833a5b3e5c81afbfdc4b0bb742c4524e740dd25582eb7", "7f368076cc5c5cee446a8491832c17332673709bc739f6e3e3deeddfaf2f5326"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "uqlXk"}, {"hashes": ["81d6168162bbf9e13bde19c24fd797075a7ddde876c233f971c9114f1b0334fb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "zfftgT"}]}, "reports_count": 18}, "Win.Packed.Redline-10004447-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "pe-certificate", "hashes": ["5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0"], "mitre_attack_tags": []}, {"bi": "auto-update-disabled", "hashes": ["5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-invalid-certificate-signature", "hashes": ["5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "registry-disable-windefender", "hashes": ["5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0"], "mitre_attack_tags": ["TA0005", "T1562"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Redline Stealer is an information-stealer written in .NET and sold on hacking forums.", "hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "iocs": {"domain": [], "file": [], "ip": [], "mutex": [], "registry": [{"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER", "value_name": "DisableAntiSpyware"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": null}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "NoAutoRebootWithLoggedOnUsers"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "NoAutoUpdate"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableBehaviorMonitoring"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableOnAccessProtection"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableScanOnRealtimeEnable"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableIOAVProtection"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER", "value_name": null}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": null}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": null}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS DEFENDER\\FEATURES", "value_name": "TamperProtection"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER\\REAL-TIME PROTECTION", "value_name": "DisableRealtimeMonitoring"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER", "value_name": null}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "AUOptions"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "AutoInstallMinorUpdates"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER\\NOTIFICATIONS", "value_name": null}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER SECURITY CENTER\\NOTIFICATIONS", "value_name": "DisableNotifications"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\AU", "value_name": "UseWUServer"}, {"hashes": ["0468aed948c966d973379f3321ad632bdb47462597eb37293fa63a6df50e786e", "0687ed000a8d454afd71dd8d2e434e05c292549453d1180fd870f1dd587ef257", "2e2d5d81146d974295d70f7f95da3f5889d6b89d9f6f74a106a67aa18c46c256", "33e02bfb76e29daba2408b0b54204bcf31322e43db27b9bf07f500d098b21c2a", "3d902c3c1daeee902e45427922d488b20bdb888bab2903e1c3a5bac13e0840f3", "4454448516eadaed2c73673e3c679d00701a2d3f507cbe91e7a7ddf83a5229f0", "52f0a8605e16fee96555022ae5a2582a8f0a1c9ca9e2edf8370aa5036d580340", "5857ead2de1bdd70583dc0bac98fa748e394a8f84eedfef2b181fffc6d0df097", "5c4b0c1c06ee33622fb00eca697f4b938b920f06fd14639d19f38356d0e93391", "6eb8c09718aab1e22c32014d73bfa92dc1407f09329c46e61623576f74a8b7cf", "7083871d557bb3098401cf258925cd1ab00f18f323520bbb782009adad502072", "74aa4dfe0587680b1ec5ce307fbfa72e4292717f1a9332ff6b0e468c6ad0ba3a", "7c83d296cd1bc895b62a94b332de51759bcdc7d91bbeaf405bd9bc0577646721", "7ff6bef8276020721e56160e9a442802174452775c16e794045eb99d2ca503ca", "8a51f12210bccebcf84558d3897b8bce2031698e62d83631d9fa1cab68ef0ef8", "991ef14f09db06924ccfcdd44b4ea839c6b9560a97a39608501fbf966606f592", "a05410fc760c1241b56d09033c1064bdecc8e722e5e65d21bc23120b27f70852", "a89ac9215339a2ec16d4d7246f12e4c481af063f727fd1246fe786cca1a2aefa", "b41f1d01b3d5ef152d8b444a519a87b361977c4a126aff585ca79c5ef3d4d41c", "e59fdf54e139fd6637781a4f59ac8024338e8f4488792d927c1d02999e6e93bb", "ea06e33529354e8d2569880a850d7f62307bedb2b91f1f5f7c3a1d48c859bb9c"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": "DoNotConnectToWindowsUpdateInternetLocations"}]}, "reports_count": 21}, "Win.Packed.Upatre-10004369-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "http-response-redirect", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "html-iframe-no-space", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "pe-section-blank-name", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "js-contains-massive-strings", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-suspicious-unescaping", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": ["TA0005", "T1140"]}, {"bi": "html-page-not-found", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}, {"bi": "html-form-post-action", "hashes": ["a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93", "fe0f0fd899ffe97b5a37e090056a1eab6dd63b7b30cac38eaf45db1b6441b384"], "iocs": {"domain": [{"hashes": ["0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93"], "host": "www[.]hotelduomo[.]it"}, {"hashes": ["0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93"], "host": "villaveronica[.]it"}, {"hashes": ["0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93"], "host": "eusuhm2013[.]org[.]uk"}, {"hashes": ["0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93"], "host": "hotelduomo[.]it"}], "file": [{"hashes": ["0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93"], "path": "%TEMP%\\3001.exe"}, {"hashes": ["0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93"], "path": "%TEMP%\\flashplayer_update.exe"}], "ip": [{"hashes": ["0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93"], "ip": "62[.]149[.]128[.]45"}, {"hashes": ["0bd56e6e6f59c56b7c107cb5c4818d2fba44f5b6d90fbab7cc908277f3ab8fa3", "15dac903808c9f19a7961f37efe828dac86499fe17b387aa6d0eff603b4e84c0", "178d1a55d207bf045f46c06e1472c858be7fddf5b7e211d8177b4a8055bbfd7e", "1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "5a3a2c4fbd72c6899493fa8b62bffcd11577d0bf08efdca665928b375b6544df", "6a233b869b6e42631810e63dfbcdc92b9dd2562c7b543c930c1ef03519038914", "7ac9aadae064910cc8dda80676b46a91129fc531c3b4ffa0c76a9d90add55cee", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "88f7031f98b73d4b64d77cca04ca9da65ab66b4cf4fb0b4aec24f60f74ae2afb", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d605dfc24d5e87f32eb1183e3d98cf1fe7c9f803da3df91c5007c2ccb2c4831a", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93"], "ip": "104[.]21[.]95[.]48"}, {"hashes": ["1d79a2799a768478a6ac9111d95de3007db84ae45db838111c639fe120a1b469", "2084fb1579880cdac8757c9675305e7ec288696dfff8e6d54bc867297506b7dc", "452e6481a7e3b68b60cf9070f226a226e2f25265fc912c7786a5e9980b2379d6", "493483be6b18a1eb48c8f4d68540d89ebba2e61f510710ce37baa33acaa1d732", "4df79454fea97f276930f3f1beca2428e6023667f1aeb8888a06b80507d34413", "5345e4664c128601cd83db03478f1b56b0d243d220523ae06a8367249647b2c4", "710a55ca42b9ef9157a180f121705b186ca703dcb486cdb409b4c4ed76ae4e41", "7ed5e9c3153bb9b3ba7ef009dd366ade67cdfd03c662dbd9214e7bbf5dcfe361", "a0142cd7f3a3e9f9818dec2eed7b8e77adc7839345218fdd1aa36b98b0a10c48", "b00a23aedf65dbf47724b491d79548b716473d0869bf3da8831e73d96a6cf583", "b4d850d517edee9687b77db88e95fae97fd3a933afcdd34573a4a53b8fd6c532", "bc79376797465a0d5372091b3aeb61a60a0156e3eef782c73643c8a054e287ae", "bee9c3f33fd8395e24302b80270f34eb826449f16a3a24bb587e5280fe070bc3", "c56848ba6e48aa286190532b3db0cbea18fa288dea3c172f7cde56e05a5d5b45", "d76eeea034cbbc2963a8662ae9f8358d1bd8131d411d1fccae5b858baf354f1e", "dbf2e22dc003baf9dc18eb9e9fb2fd4e30e1938e125b4daddc0a7060030fb2f1", "f1796960b14a1acc6e311f2a4d8396c8cd3314cf633e5c0e45ecc853276aec93"], "ip": "172[.]67[.]143[.]65"}], "mutex": [], "registry": []}, "reports_count": 25}, "Win.Ransomware.Cerber-10004233-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86"], "mitre_attack_tags": []}, {"bi": "excessive-udp-connections", "hashes": ["e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "malware-ransomware-cerber", "hashes": ["e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": []}, {"bi": "wmic-shadowcopy-delete", "hashes": ["e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-requested-named-pipe", "hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-program-dir", "hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "mitre_attack_tags": []}, {"bi": "document-decoy-dropped", "hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "mitre_attack_tags": []}, {"bi": "process-deletes-many-files", "hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "mitre_attack_tags": []}, {"bi": "enumeration-email-program-information", "hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "rtf-appended-data", "hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "rtf-high-entropy", "hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns, other file extensions are used.", "hashes": ["014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5", "daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68"], "iocs": {"domain": [], "file": [{"hashes": ["45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68"], "path": "%TEMP%\\d19ab989"}, {"hashes": ["45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68"], "path": "%TEMP%\\d19ab989\\4710.tmp"}, {"hashes": ["45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68"], "path": "%TEMP%\\d19ab989\\a35f.tmp"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramData%\\Microsoft\\RAC\\StateData\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramData%\\Microsoft\\RAC\\StateData\\RacDatabase.sdf"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramData%\\Microsoft\\Windows\\Power Efficiency Diagnostics\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramData%\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-2015-04-30.xml"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramData%\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report-latest.xml"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC%APPDATA%\\Microsoft\\Document Building Blocks\\1033\\14\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC%APPDATA%\\Microsoft\\Templates\\LiveContent\\Managed\\Word Document Building Blocks\\1033\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC%APPDATA%\\Microsoft\\Templates\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC%HOMEPATH%\\Documents\\OneNote Notebooks\\Notes\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC%HOMEPATH%\\Documents\\OneNote Notebooks\\Personal\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC%HOMEPATH%\\Documents\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC\\Users\\All Users\\Microsoft\\RAC\\StateData\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\MSOCache\\All Users\\{90140000-001A-0409-0000-0000000FF1CE}-C\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\MSOCache\\All Users\\{90140000-002C-0409-0000-0000000FF1CE}-C\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\Access.en-us\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\MSOCache\\All Users\\{90140000-0117-0409-0000-0000000FF1CE}-C\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Templates\\1033\\ONENOTE\\14\\Stationery\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%APPDATA%\\Microsoft\\Access\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%HOMEPATH%\\Contacts\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%HOMEPATH%\\Documents\\Outlook Files\\README.hta"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\127SYLLABUSFA07.PDF"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\1_ANKITAMISHRA_ESSAY.DOC"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\2329444014.DOC"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\2590OTHERSUPPORT.DOC"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\2Q37_DELETIONS_FTNW.PDF"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\46_DSENV.DOC"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\AT_DOM_E.DOC"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\CONTRACTAPPENDIXB.DOC"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\DC546113F9030F161A90B734F3.XLSX"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\ERSD200502_E.DOC"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\HUNJA2B3_E.DOC"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\IATA_OMC_TOURISM.DOC"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\ZA___NR_8_ANALIZA_DOKUMENT.DOCX"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\10_147_20121129071628.RTF"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "\\PC%HOMEPATH%\\Documents\\15_DIPLOMSKI2006.RTF"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC\\Users\\All Users\\Microsoft\\RAC\\PublishedData\\sC_GwQnq7R.83df"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC\\Users\\All Users\\Microsoft\\RAC\\StateData\\NYpdfM38Wz.83df"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\IHVUsEQV9v.83df"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "UNC\\PC\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\qyrSMRBtcD.83df"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramData%\\Microsoft\\RAC\\PublishedData\\sC_GwQnq7R.83df"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramData%\\Microsoft\\RAC\\StateData\\NYpdfM38Wz.83df"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramData%\\Microsoft\\Windows\\Power Efficiency Diagnostics\\IHVUsEQV9v.83df"}, {"hashes": ["7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b"], "path": "%ProgramData%\\Microsoft\\Windows\\Power Efficiency Diagnostics\\qyrSMRBtcD.83df"}], "ip": [{"hashes": ["45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68"], "ip": "194[.]165[.]16[.]0/22"}, {"hashes": ["45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68"], "ip": "65[.]55[.]50[.]0/27"}, {"hashes": ["45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68"], "ip": "192[.]42[.]118[.]0/27"}], "mutex": [{"hashes": ["014df8e6a9101e4bb3264ac22b8d9cc7e52d347345ed4c0b1cd14d74f274c8fd", "44928f1ae73a27aa1efb8090ae480e0170efe804e20e326b670864e163db1427", "45790f44b1fdb4bb6b6abad4c546c2cb123fc1ad6e24b2a628d1e8f1935fcade", "45b258b3964c4a1a669a1b78abfd9c65482008517a1a8cf2b701372793e01b4a", "6dd5b22b53d2b2188190fa41ecf428fbff415e647f84b6c2f99dc9173380bd2a", "6e70ebf060d8eaa7082daaa93cf93e7e65fe2cf28ae1cd32de9e4b5581c24a86", "833f575a4adeab246ed7d030c7a6d04c6d9111fda1718e02e9806d429d6dc181", "9f51c07df0b2abfa2fa3a57039d887563694b41e85eb117e6089480ea37345b4", "a80053812cc6891019818d073908f9e1c4c9a6b0c7463c57df063efe1ac0c834", "aa7ca754bdd16d64f5f056b1168776d53ea277533ff9ea11ef9b39a59dcbca18", "b4d519e8832cd8099d0d25b85356aa3f920d80324d21268b8bbaedff2338b14c", "c119aa10c3c7c13b42139247e4f1677b769bbc5f349a12fad8367ca6ef8ca5d0", "c9e36700005e5626e60c259b805c30693d1350f3bdfa20465ebbdb6af1b4d724", "daf9fd8e34e9dfb0458ee5f1797316c67b7066a3a99393f8db3a96e86fd61dc4"], "name": "Global\\<random guid>"}, {"hashes": ["45176a6084162f91e5bb0c7ecad4df0cf74c3d0b2cd4068d1e6cd955daef3734", "75c07c449e5feaf70c3281fa229fea8899f4dce2679113590ab4bafdaee2eb81", "7a7b239613d44d0b690cee93022de0a4171fc2040e6eafd6002fbd4a77f1685b", "a197f793517d4d1434ec520b1222022f78631bebf6ae1b97455969c0b073ff17", "b0edafda97209ec938343ecdbc4f37e8ae504ca25a7ed7b3b9864351527c5d76", "cbd226056cb33b29094eed23dcf9311952da3675350d934a0014c50b2e2e27c5", "dec9b3063fbce95033b844f69145d05c9911986195c80a9e1d69128d411b2653", "dfccf92c7ab071fc8a664e4faaecc299dc3a0f10c4ff345d64c7364906d77533", "e4bb6b5730b4d8689880f8e27996e16f9295087dcb8e612cf80c9be1c5b81c68"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}], "registry": []}, "reports_count": 23}, "Win.Virus.Ramnit-10004200-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "eb803216f92e5bf2cea2320d9e9490eda37655f6d51971a6ea83f99bf62c875b", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "eb803216f92e5bf2cea2320d9e9490eda37655f6d51971a6ea83f99bf62c875b", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-invalid-checksum", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "eb803216f92e5bf2cea2320d9e9490eda37655f6d51971a6ea83f99bf62c875b", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "eb803216f92e5bf2cea2320d9e9490eda37655f6d51971a6ea83f99bf62c875b", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "eb803216f92e5bf2cea2320d9e9490eda37655f6d51971a6ea83f99bf62c875b", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-subtype-com", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "eb803216f92e5bf2cea2320d9e9490eda37655f6d51971a6ea83f99bf62c875b", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "eb803216f92e5bf2cea2320d9e9490eda37655f6d51971a6ea83f99bf62c875b", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "windows-util-dll-injection-tool", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "eb803216f92e5bf2cea2320d9e9490eda37655f6d51971a6ea83f99bf62c875b", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85"], "mitre_attack_tags": ["TA0005"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85"], "mitre_attack_tags": []}, {"bi": "registry-modification-reg", "hashes": ["c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-snort-malware", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "pe-uses-dot-net", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0003"]}, {"bi": "modified-file-in-program-dir", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "fake-recycler-folder-creation", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "pe-resource-lang-russian", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "pe-tls-callback", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "process-requested-file-external-drive", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "recycler-exe-artifact", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-resource-lang-korean", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "malware-ramnit-mutex", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "malware-ramnit", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "html-js-uses-eval", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-trojan-xpiro-compound", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "malware-ramnit-snort", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": []}, {"bi": "fake-recycler-exe-creation", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "artifact-flagged-html-pe", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-html-vbs-shell", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "mitre_attack_tags": ["TA0002", "T1059"]}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Ramnit is a banking trojan that monitors web browser activity on an infected machine and collects login information from financial websites. It also has the ability to steal browser cookies and attempts to hide from popular antivirus software.", "hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939", "24d69cf7dd629250d0cdebbae146525ec9db913b596c9c21ad22a7c54d39c9a3", "3f9cdadb6bdffa0259111aef35af5b1cd49900a024181bdfaca49e00162edb8b", "438259174450f0a034eb3356e5cd9fde06468fd71369fcf350d78ebc99e0a9ce", "4adc301787ef8f4c954e69d7ef629657366e17f6a891c33c1eee3a83a7f64e9c", "593487ca56545968d3b79d6d945f0747938b5d7c2fe3884e2e1d9bc0138f3af2", "6d2133f6563cff051a57d19c50875a799b2490b686a7f1d11d2c13b342243509", "755f131bf7d3438c2d49127dbce152bbb66b0954602775fa58d13a1584a43551", "8202953b0fe4d73156bae712ab5cc481d5bc9134745dcd5b8b5c50e18a5500f3", "83cc953df29bdf1a059cce0966a6f31defebc4c5709d149f38fbd3e04c7a0e85", "91e436eb7463ff9ef416858a0e46b73fd4a8e738b504b7f8ebb27283eef65d47", "a0bc4dc1f8cc7615a66d62afef67d2eee6af39c0ba59396bc5472c726474ae49", "a24fc35cad24e3ed2357528adf84cc03b77205de39ed4e6922b676282150597f", "a291dfed9100241eb471c331f70ac8b5c6c323d79e1252055bd7aa4e31c62be7", "b29e1261cf467039caf09f2b63254c88a9cbca4fccbad91a5009572cda59e83b", "c7c64e6d0e88a2663a8557f35d7aeeb15ee4ad281af6adfe1a26ca11b435ba9c", "d66f497dcf49c54ca5ebeb7d6f19dc65e959ddaf288bb477884f5394c035bea1", "ea892a3dc73f8dab3a84b24f88b843600e8357fd56d85f9fc90fb858ec2c4fa7", "eb803216f92e5bf2cea2320d9e9490eda37655f6d51971a6ea83f99bf62c875b", "fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41", "febb2993cbbb1593e630bd7d814115518fb038d81497e9945cb3c5da3de2d9ee"], "iocs": {"domain": [{"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "host": "google[.]com"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "host": "zahlung[.]name"}], "file": [{"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5\\FormsMacroTemplate.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5\\FormsPreviewTemplate.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5\\FormsPreviewTemplateRTL.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5\\FormsPrintTemplate.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Office14\\Groove\\ToolData\\groove.net\\GrooveForms5\\FormsPrintTemplateRTL.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\VsWizard.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\msdis150.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\msenc80.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\msenv.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\mspdb80.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\mspdbcore.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\msvb7.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\vslog.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\vssln.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\IDE\\vstlbinf.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\Packages\\Compsvcspkg.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger\\cpde.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger\\cscompee.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger\\shmetapdb.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\Packages\\Debugger\\vsdebug.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\Packages\\dirprj.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\Tools\\VDT\\vdt80.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\Common7\\Tools\\VDT\\vdt80p.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\VB\\Bin\\msvbprj.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\VC#\\VCSPackages\\cslangsvc.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\VC#\\VCSPackages\\csproj.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\VC\\vcpackages\\DirControl.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft Visual Studio 8\\sqlserver\\mssdi98.dll"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "E:\\autorun.inf"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft\\DesktopLayer.exe"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%SystemRoot%\\SysWOW64\\dmlconf.dat"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\Welcome.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\CodePointIM\\README.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\CodePointIM\\README_ja.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jfc\\CodePointIM\\README_zh_CN.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\jvmti\\index.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\demo\\management\\index.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\sample\\annotations\\index.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\sample\\jmx\\jmx-scandir\\index.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\sample\\jmx\\jmx-scandir\\src\\com\\sun\\jmx\\examples\\scandir\\config\\package.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\sample\\jmx\\jmx-scandir\\src\\com\\sun\\jmx\\examples\\scandir\\package.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\sample\\lambda\\BulkDataOperations\\index.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\sample\\try-with-resources\\index.html"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%SystemRoot%\\SysWOW64\\regsvr32Srv.exe"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "%ProgramFiles(x86)%\\Microsoft\\px61A9.tmp"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "E:\\RECYCLER"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "E:\\RECYCLER\\S-4-8-37-0764401120-1202113062-571747650-5860"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "E:\\RECYCLER\\S-4-8-37-0764401120-1202113062-571747650-5860\\XNSTuPeS.exe"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "path": "\\RECYCLER\\S-4-8-37-0764401120-1202113062-571747650-5860\\XNSTuPeS.exe"}], "ip": [{"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "ip": "107[.]6[.]74[.]76"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "ip": "142[.]250[.]80[.]46"}], "mutex": [{"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "name": "Global\\SYSTEM_DEMETRA_MAIN"}, {"hashes": ["fceccca0f030731609c20119d192627e92b55963e82ccbae5aab42cabf139e41"], "name": "Global\\edccfa21-0855-11ee-9660-00151741784b"}], "registry": [{"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\VOLATILE\\00\\MACHINE\\SOFTWARE\\CLASSES\\TYPELIB\\{8C11EFA1-92C3-11D1-BC1E-00C04FA31489}", "value_name": null}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\VOLATILE\\00\\MACHINE\\SOFTWARE\\CLASSES\\TYPELIB\\{8C11EFA1-92C3-11D1-BC1E-00C04FA31489}\\1.0", "value_name": null}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSTSCAX.MSTSCAX.1\\CLSID", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}\\VERSIONINDEPENDENTPROGID", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}\\INPROCSERVER32", "value_name": "ThreadingModel"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}\\MISCSTATUS", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}\\MISCSTATUS\\1", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}\\TYPELIB", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSTSCAX.MSTSCAX.2", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSTSCAX.MSTSCAX.2\\CLSID", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}\\PROGID", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}\\VERSIONINDEPENDENTPROGID", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}\\INPROCSERVER32", "value_name": "ThreadingModel"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}\\MISCSTATUS", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}\\MISCSTATUS\\1", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}\\TYPELIB", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSTSCAX.MSTSCAX.3", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSTSCAX.MSTSCAX.3\\CLSID", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}\\PROGID", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}\\VERSIONINDEPENDENTPROGID", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}\\INPROCSERVER32", "value_name": "ThreadingModel"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}\\MISCSTATUS", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}\\MISCSTATUS\\1", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}\\TYPELIB", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSTSCAX.MSTSCAX.1", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}\\PROGID", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}\\VERSION", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}\\VERSION", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}\\VERSION", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\VOLATILE\\00\\MACHINE\\SOFTWARE\\CLASSES\\TYPELIB\\{8C11EFA1-92C3-11D1-BC1E-00C04FA31489}\\1.0\\HELPDIR", "value_name": null}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\MSLICENSING\\STORE", "value_name": null}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\MSLICENSING\\HARDWAREID", "value_name": null}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}\\INPROCSERVER32", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{A41A4187-5A86-4E26-B40A-856F9035D9CB}\\TOOLBOXBITMAP32", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}\\INPROCSERVER32", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{7CACBD7B-0D99-468F-AC33-22E495C0AFE5}\\TOOLBOXBITMAP32", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSTSCAX.MSTSCAX", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\MSTSCAX.MSTSCAX\\CURVER", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}\\INPROCSERVER32", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{3523C2FB-4031-44E4-9A3B-F1E94986EE7F}\\TOOLBOXBITMAP32", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\TYPELIB\\{8C11EFA1-92C3-11D1-BC1E-00C04FA31489}\\1.0\\0\\WIN32", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\VOLATILE\\00\\MACHINE\\SOFTWARE\\CLASSES\\TYPELIB\\{8C11EFA1-92C3-11D1-BC1E-00C04FA31489}\\1.0\\HELPDIR", "value_name": ""}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\MSLICENSING\\HARDWAREID", "value_name": "ClientHWID"}, {"hashes": ["182842a0a84e56435b8f7a625137a0d1bc0ab44be0df60bfe44d8b560842c939"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}]}, "reports_count": 21}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-06-16T17:34:35+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.Zeus-10004541-0", "Win.Dropper.Kuluoz-10004513-0", "Win.Packed.Redline-10004447-0", "Win.Packed.Nanocore-10004398-0", "Win.Dropper.Ap0calypseRAT-10004380-0", "Win.Packed.Upatre-10004369-0", "Doc.Malware.Valyria-10004248-0", "Win.Ransomware.Cerber-10004233-0", "Win.Virus.Ramnit-10004200-0"]}