Indicator,Data,Notes,
sha256,f788d5c2c1bb2d88db09b727b3841155daf43ba81802b5faffec72640451fa4f,tpyrced_ambs.exe,
sha256,ad346007f28c4b6d409c95f55e750e249db4b168cd7061baa128f826df948e10,443.txt (PocoProxy),
sha256,1ad26a31c5387055610e053dbab8355e1371f89dfa37526f7a3341122526b719,4413.txt (PocoProxy),
sha256,91f40e8659da3dbbb22497b317aa37f26403be86662e359ecddcb4a0c72e154c,chrome.log (PocoProxy),
filename,aaaa.txt,PocoProxy,
sha256,7d6209036d370dbce7a0657f35dedeaa59c15fcfb4d696b9ebdd0fcc773dad50,a8.txt (PocoProxy),
sha256,34294ff52899a63f2dc02e5a8f1488343afdb9702437d409a0869317ccfb4243,s.dat (Malicious file),
sha256,5f3fd50715aabf43cc6edb5f38026a3baa37a7fd7a17ae232fc65e186c83befb,msedge_elf.dll (HUI Loader),
sha256,4fcbc598c5699ea48a1edd8dda065eab210f09ad900ab167cb5abdf9841dd2b7,hideschtasks.exe (Custom binary; remotely creates scheduled tasks),
sha256,755b14ad83da2f2eff8ef8bf83ed74c6d96f6b3b3fde95d4c13d8cb75d861631,log.ini (Masquerading DLL generating C2),
sha256,44e0c61f70f44e3a35ecde9b49a623973727d3aa68922ef4e1ff8dfc74795582,11.log (LSASS credential interceptor),
sha256,a1a8adae91daa96deb01326c702fec388d0fa983f299de3f1bdb8a277df64423,1.dat (Cobalt Strike),
sha256,3a85c36fff48b223f6edd722bc1603a1fd9b00d3e4d46a88151c4b1b696d90d1,sssa.exe (Malicious file),
sha256,62c9b97a849f40f4b5b167b96a54fa1ef03624ac8f2972b641af8ca5d00b5db0,McPvNs.dll (Malicious DLL sideloaded by McPvTray.exe),
sha256,c1d818f18c7160807d9031e024fcc6429476d6455221e3aa988c6245269fbcc8,"rsndispot.sys , EDR evasion",
sha256,ea8c8f834523886b07d87e85e24f124391d69a738814a0f7c31132b6b712ed65,"rspot.sys, EDR evasion",
ip,198.13.47.158,PocoProxy C2,
ip,64.176.50.42,PocoProxy C2,
ip,158.247.241.188,PocoProxy C2,
domain,www.googlespeedtest33.com,PocoProxy C2,
ip,139.180.217.105,PocoProxy C2,
ip,45.130.229.181,Cobalt Strike C2,
ip,185.201.8.187,Cobalt Strike C2,