{"Doc.Downloader.Emotet-7593277-0": {"bis": [{"bi": "created-executable-in-user-dir", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", 
"0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "antivirus-service-artifact-flagged-malicious", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", 
"6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "antivirus-service-artifact-contains-macro", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", 
"18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0002", "TA0001"]}, {"bi": "vba-document-open", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", 
"20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0002", "TA0001"]}, {"bi": "document-dynamic-content-detected", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", 
"2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0001"]}, {"bi": "document-single-page", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", 
"7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "document-contains-vba-macro", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", 
"774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0002", "TA0001"]}, {"bi": "document-embedded-low-content", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", 
"4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", 
"7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "wmi-process-create", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "powershell-encoded-buffer", "hashes": 
["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "registry-powershell-ras-dll-loaded", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", 
"0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-snort-policy", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", 
"562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", 
"483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", 
"7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-emotet-file-drop", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", 
"7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "document-launch-powershell", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", 
"774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "document-network-traffic", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", 
"4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0011"]}, {"bi": "powershell-encoded-obfuscated-cmdline", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", 
"7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "powershell-remote-code-execution", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0011"]}, {"bi": "document-wmi-process-create", "hashes": 
["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "document-min-and-embedded-network-traffic", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", 
"0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "word-document-heuristics-compound", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", 
"562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "network-dns-doc-network-traffic", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", 
"483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "feed-domain-document-network-traffic", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", 
"7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", 
"7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", 
"5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", 
"1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": []}, {"bi": "html-phishing-page", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", 
"207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0001", "TA0001", "TA0001"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", 
"0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4"], "mitre_attack_tags": []}, {"bi": "malware-document-av", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", 
"483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "js-contains-massive-strings", "hashes": ["624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926"], "mitre_attack_tags": ["TA0005"]}, {"bi": "document-contains-activex", 
"hashes": ["7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "mitre_attack_tags": ["TA0002"]}, {"bi": "vba-document-uses-hidden-setting", "hashes": ["7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-domain", "hashes": ["7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb"], "mitre_attack_tags": []}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. 
It is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4", "7f436c6fd13ab691d369bd457e39513241abc836fe9740c647c996a852023671", "874e81e29a849c4544595cc0bc8c90aee7b098924e5f706c2b031a0769a30cee", 
"9219978343d45174b4dc03a7ee070c36f865a13bbda0ae80b29339a30a78bd53", "935fc32ad8675001b7958bfcaa899574283d2f100a2ec4313de5aa118f4ab6e1", "9a186f0caa0de6e8e321180d73aac49f70345e62ac56be7fd3c653eb2676c2f4", "9e2be59fe8458f359db58add5bfc435569a60a9ed79f336dd5ecf5e0c69a9af5", "9e87a8ffb2a924342d5214f6c5e9fa9f5600773cc01066e61fb71ea24686fe96", "9ee4d4f175149b64b717c4159fa24329c73677ab573940946d1c72d4c6d0eae1", "a07e26958ae93952f4b4d8ed2d4309fe5fc6564773dfb13b5d49b639a3ca1aa0", "a47ae13dc416c6598529a49a0717ac40c0bc5ee5cd6046176a1f032d7c586d47", "a4dca7ccf1dc216d8dc7e842d808a8d66aab2e4f09a0c0aa12aeeb7de046b8b9", "a66aa6fcfa517e1d6db516b0ae2bdee5fa62dcedd4f5258c79562d8765bc9072", "a77b00eca7b322d61a70ef21cb8737f311f20351f69d9bf7844365aa291e8621", "b5223060d6d6bf06d4a3dafbe79d8ab2f26e577cc10020bfeb0e5ae1ee5e968a", "b8cf0e48de420fb472a0bf99fbe7a6ca8faa6c652ae01bf9509340515a8229e0", "bc7603aa0d9c55a6775f8443b6d18e0039102f03c048087dff1c28ea7615ad67", "c6ce15dfd201abcfe86160e86b926af53f3d4c6f2c2911a0a44eaf6dbfbe8211", "cafce506e6cd4c7714ee5a49c74d1b0566b264dbc6222268a9c8b6b91edb658d", "d316a8cb29063b99c7168204f9eaa0565b8a33016dfe592016a03fff3d7ac6bc", "e087635666aa18e2d6bb8bf7db2e1a5e21f7e41afbe80bf0e436d632763a0721", "efed922d1419c8c25b1c92ea6c8a2536d4963f05b3fec54204dbabfff155d4c7", "f604323e4a4808c08ce72839b8e0c8898431c4514d24a8432331b06821ff2679", "fd59fb73055708531d40862d1a4349a2ad6ae45df69479eefcd9b3f36bdf34f9", "ff22a249356626f87616df2ee2af44c5fae2dbd7449f06fa8a7fe7dd7d8cb570"], "iocs": {"domain": [{"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", 
"207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "host": "api[.]w[.]org"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", 
"314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "host": "crt[.]sectigo[.]com"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", 
"483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "host": "secureservercdn[.]net"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", 
"56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "host": "pieceofpassion[.]com"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", 
"6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "host": "raisabook[.]com"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", 
"77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "host": "www[.]marketfxelite[.]com"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", 
"7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "host": "biswalfoodcircle[.]com"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "host": "tananfood[.]com"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", 
"10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "host": "www[.]pieceofpassion[.]net"}], "file": [{"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", 
"20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "path": "%HOMEPATH%\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\30D802E0E248FEE17AAF4A62594CC75A"}], "ip": [{"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", 
"2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "ip": "91[.]199[.]212[.]52"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", 
"3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "ip": "88[.]198[.]60[.]25"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", 
"4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "ip": "160[.]153[.]137[.]40"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", 
"5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "ip": "27[.]254[.]81[.]87"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", 
"68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "ip": "45[.]119[.]83[.]237"}, {"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", 
"7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", "7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "ip": "165[.]22[.]221[.]121"}, {"hashes": ["6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e"], "ip": "216[.]218[.]206[.]69"}], "mutex": [], "registry": [{"hashes": ["0b4c6649ad41af209e5bd5d857f68d5edc560bc48eda4267c50f806e831b7af3", "0fda18ca90096cec78e462f95be4cc2d46dc7dfbdcf44f8a022cb754d7607241", "10f31d5d1d70661af3e512d03007b2c6f403a4a581bc6a71d66b3c7a1420bf94", "18e85a75805b522d05cd674ad0c5eff59cdcccafa94f815b58483c2b89d0fd7e", "1a3a144d6425ae749452dc9fba14b9d7e24152164d01cc78f3606df039bca8da", "20607ff7ce201c1f167de3b0fd5fbb8c99d3f372c3e23027d365c8003ce7da79", "207bfdb50cbada73d08d6f6849a670795f88892f50a81d83712f5c606ac074fd", "2a9b6c82e814645cbaf5e3b77245ee17b11c629f82cbe92414fc40df1cc01e7a", "2b1d86c9c4196536d630631a0a0c7abc99b74482b8b1260b48d3ed21c57313d6", "314a112563a7a9cb9bfd1fe0ff7e54b19b2ab00827c68e237a251c47e77d28c4", "3dec594b76a5f10a5ccb22f02be9afab964409e42ad864264f79596470c3b926", "4188c8122fd994514c68a441bbeb2ea4981045cdad3b81cb30973ce853b89dbf", "483421df4aace161f9d26c50bd0b6638397a90ab367f128beb759250cac85083", "4c27e7c8f0d03b93b78a043800c2bf165183825d0ab4b5aec1973d3367e0d0cd", "562047aa50f97221552f04df509b3b65f91b86c6cea109d8b2774ff7b61c0a6c", "56a7d0293ab5e87d137ec58d312d381b38a9c2b40726c8a18deffb2cf6d8811f", "5fa2d1ab59588863601e287aa39f0475749f16ef458f693992a9cc6afc106fbb", "624b6b4f70e271f1dfdef7c9dc26a7d18f17feb7c5e5057866c42c0305ef55c6", "6294cd75c47243ce037d61b46271f8425b0ba4838f829ac99fa22e40b2573b5e", "68d2cef91a68892ff659a172c561b3638d5456dede979e5cfbeb91b7a8a8f8e7", "774f03a7a0f1b281015f56c111092f83645e8671bae737391a0aa740bef03ccb", "77ca0111c22e9de19cb947a73243aceb08b5b2e75289fd6747b35361f78787c4", "7933573f99948a9b1ff3e813f9f7e186aca213638cb47cb0c6e2e5f59c1ef0ce", 
"7b20e376a7a0f2a41411f91aa19a295aebd0acb2edfb0c5b7b7fc027baf01637", "7d3e63ec5e6b564f45e9cc027e39669b3ed166abc7e65fe7c864bb892244add4"], "key": "\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\CERTIFICATES\\33E4E80807204C2B6182A3A14B591ACD25B5F0DB", "value_name": null}]}, "reports_count": 25}, "Doc.Malware.Valyria-7595017-0": {"bis": [{"bi": "created-executable-in-user-dir", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", 
"0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", 
"13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-artifact-flagged-malicious", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", 
"074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "macro-contains-random-vars", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", 
"20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "antivirus-service-artifact-contains-macro", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", 
"11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0002", "TA0001"]}, {"bi": "vba-document-open", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", 
"071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0002", "TA0001"]}, {"bi": "document-dynamic-content-detected", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", 
"15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0001"]}, {"bi": "document-single-page", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", 
"c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "document-contains-vba-macro", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", 
"1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0002", "TA0001"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", 
"53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "document-embedded-low-content", "hashes": 
["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", 
"18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", 
"18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "document-launch-powershell", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", 
"14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "document-network-traffic", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", 
"0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0011"]}, {"bi": "vba-compound-random-network-communications", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", 
"1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "document-min-and-embedded-network-traffic", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", 
"148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "word-document-heuristics-compound", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", 
"c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "vba-compound-random-generic", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", 
"11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "feed-domain-document-network-traffic", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", 
"071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", 
"04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", 
"1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", 
"c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", 
"1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0002"]}, {"bi": "powershell-script-calls-download", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", 
"53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0011"]}, {"bi": "powershell-download-execute-file", "hashes": 
["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", 
"18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0011"]}, {"bi": "command-obfuscation-detected", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", 
"18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "powershell-no-profile", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", 
"14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "cmd-exe-substr", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", 
"0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "powershell-references-remote-resources", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", 
"1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "vba-document-calls-shell", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", 
"148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0002", "TA0001"]}, {"bi": "cmd-windows-env-vars-detected", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", 
"c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "network-opendns-malicious", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", 
"11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "network-dns-doc-network-traffic", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", 
"014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", 
"02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "netbios-query", "hashes": ["02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", 
"c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", 
"1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "malware-document-av", "hashes": ["1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", 
"078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e"], "mitre_attack_tags": []}, {"bi": "powershell-exec-policy-bypass", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7"], "mitre_attack_tags": []}, {"bi": "powershell-hidden-window", "hashes": ["c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "modified-file-in-user-dir", "hashes": ["87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, 
"Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Valyria is a malicious Microsoft Word document family that is used to distribute other malware, such as Emotet.", "hashes": ["014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "2527760ebc86ea98ae78a6c966a1a0462c3ab5bce403fb9a3ca6ebb04132fa1e", 
"272b79fac95df2ded2dc415cc8af4a39d890169b2d672f140f8b080ebe1edfb0", "28646405020c63c4164297adc663b959bccf52b0673c0f8b8469a289c0820f17", "290b941597ceacc58d505ecf5678b53678eec44433a4b63c3116947c456fedb0", "29af2f072d1cb021d24e0c27a5b5b2ffce1a38b660497716d8b330a8f5a63cbb", "2b0b9515318cfef31b67766afeddf9ab2da2ff2eeabe0df6a5aa5d80b0d12021", "2bcf139426de5c9b79d5881539bda96a25f29254c1d1ba79250ec8f2a96e5329", "3162f249781000993432c405b6122bcd8fa440963adc91d6d7ad684c1eb2cd1a", "323a15f7ceb3264269777ccca5821f6b96870c0fbf00001f92f2e0cfe3b7a6f8", "3345bb9dfb8b25e18a1a6eaa7087dba5ceb92bbc8f609658d5efc324673509e1", "34e21d5671049ababc7f4e40dd301fcde91579812564f2a2a3eeaf5c16b1cb81", "352d52f6a663c01c5c95511fcd5c6a89ae6cdab111cdb6f820e20da808471243", "3792f6a1e71981ef9c0140bb9133db7aed9a965138660e09ad474c88d4b0422f", "3a9d9638ac1d65eee48d8a34c849fbbcabb6f999be1704d8a68e5fc968590563", "3b785a195174b7fb295fbd9f855194c70919134b6cf2b4a7f45bb3b90b0979bf", "3c4435614270c67a9b49f10b233a4a73d61cd3c89e99a66e868ca057884affc3", "408a3e209dcf6f961f1431a1b7b642c4ff2aa905edfbbd8b4f77afff67d5e51e", "40e44773c6d56f9b45821fe830361eb640762f46530ff85563602adbe6d38b64", "416b8fb3b02a9a15d5b9e93117c74ac87a4d38594d9ab30836b16a7f07e7857f", "41e221873e202abd8f9e475fad66aa2886bac735e7825dd3693d4915afe439b1", "439c25048d37fff51fad235fe024e77d07f2c098c49eda36013abb77048c0d4c", "44ca80f49d96f86418d4152c7133287416079bca6ac70e778f09f64d21e8d529", "458cb781f2d5ca9b3bd1e6d434953448d8218b0647d8bfa379923bf8817af15d", "460e287e0d0c91a797116a787e28f4c3fccec5bd8e2c1e7498bf569cf9b3d3a2", "469393157b1aa6e29c49b4fed11904a7cee6381484bc8038c22ad35ff3f658f6", "46dfebce3177c4e59c6155ca0696f98b3df720dd4d055d076930e5f4c0cd4ac5", "47f5bbef90d47403c1467cda7bdf9882fe362638ca4da78f47378f3ed30431c5", "49ba7b134568a609ccf4b6e091a2d50bb6b7f914e2306fdf9435be39a81e3959", "4c44f233451cb66fa5d6d79e9656d7aa8e0b4615ef12d93fec5a235a342d017e", "4dab7032a587f4d724851b92370b5dcb5c9376191e9f3fcb9794685bed6f7d57", 
"516510e66cc37194b2f929e4d90fe94e00fa2811d42ccbd8c94ca677a233ad49", "51a9af1200446b42ec4d11768120b963a1abf08766db62d794e2b34cb7a173f0", "52186aba10e37c0bc85c80769b9a8e61b4821f396cf77c682dda15018f4001fa", "53b24595f72b87ad08c2ba29c6712ff9b0c7888308b67f59ab6eb9022dd7b883", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "546392537aba0ff668ee5e920b4f8f7c8387aab81294c7da8c32076d369e92ae", "553f099875a4cf50d0db068d2a35d2f629222fb8ae122cd857c9336647430b57", "55c0e31178c07706d4fa50bc525eb90df78f6ec1fabf49ea39b11e9fbb198b67", "568c6a01c5edd63dbab29e31a16143618ede21fdbd47d1a640ac06a38cf54013", "59eef3171e6c3378483e47d26c95d887ab58c155687c0b079a8cf33c6bb9379a", "5a223db89f9d9e6a9b5c4033d80d025e2eaee0b246fa244f82e72dd44e0a397d", "5d0629389951804462cfda3a98126814b55c60ba194035e6d84917de4675c4c3", "5df33c9e7312ee6a5d2cf921e5b1dc164f887076cce5f1e314b75171335f3716", "5e6177c1721a7bd7d79d0f18eb8ba67835e6e1999c7fa6473d7c0875769bf71f", "5ec5aa4dbdf3f97e1df2aa6e6ef96d717c36f5c07a7d3fa9f847d1b7ac76413c", "5f6f96c9d5afa6a87c97f5bd6f2192e898027a8f9248a48421504e97e9b7e3b5", "6042c3b779f89f9f5ed0523b2a7f8287c10617cbf93b08c4cf1c12c1c707a681", "625cf0c432f6968c9e95fca390731e5dd8d62ea612086e074b60c5805e66ede1", "6524c2f0e746ee13d2e08b4ca3d11463337798916d6114182e9ae37de49f3384", "65281ec42f199cc5f8e744085ac8508e4998daa9d705c29ae16cd60e5b3bc263", "656da542f2b2edfb967cf65064e7de6226d56f48fe15a3770a27f48fdc846c5f", "658ac868ff36785143f36acf7195dbf32b2dbbb4dbdcd86287b5def88ba3b400", "6623f98961c41d1668d4d68cee330342764f300cf9392aff7204f61fe57f545b", "67175ee4128a4e1639c8e4ab28b772e28579cb62d1fca9ccfae7ad646ecc6e27", "683647a3fbd8ac9b1ee70bb44941c66ae7ee0452ab9ac50b9fe5bc96ed9dd939", "697b89f98dee916207c1c65cf8f955b628aaa4615354486e33afadfba2a1a512", "6c945dc7cfe312c77643000f817a929650f70b9ce00f91e20d54ede24e66c10c", "6cb9cf5ec1f99b9d2d6f9f6ab5a2c61c596c6bea4bd5a073244f4f1dd322d6b7", "6de1c385e305a3da5940edaec95b17263a432f6451d9f013460c7e817ceb5312", 
"6f4ac6b81aab01dcf750f3f8e46369a0ec23547f2ae9a7630356720c5bbbd838", "7125fdc1a7986f1a72fe9157e9cb836aa8fa329a254fc94de269733ca72e5350", "71802245987baa11f396d7ba8685724eb33cf6b2e40dd6058986fcd9334ff24e", "71cd65c7d243698908c237a821284c9c7c1080089462afbb6d354c6cd21ba05f", "73017f0068134a8ff3b5467081aaf77e8f8babab0ff01e7748bafd84a3ce08e4", "73b75887fc5c644c37c46a027ca61e3eee652b0d19519164ee6516cde039f3b3", "74f3cebf6023ed8afbbb0d3c112eec29a888e1b18fae2612a2a034df9bf43112", "79e6f8f8beebfd37368e40139f5c1fc41e808d90670dc8937e8a4747b727b253", "7a1fad0047a2693c17028a28db3d69b8d87152b897c56cab252aaf6610900ce0", "7af9adfaeafaa38ede476aa64548b4cd24446e52050a2d1e0afc1ff5c96698e9", "7b8bfae85a19abc509742de08282eb1fec1935e59694263eba4d45210d289dd9", "7dec2938f55bdb974617cbe706c0c4deca73db6b2aa040b51a54fc9f76bcaa64", "7e5bc158973f1d40ac4fa9d1e8d5ae4d97684dd4419ef1e360f8fad3908d1559", "7ed3530e2133645819dcf4f8ccefcb076c25f4394a47e9caf33dc23dab0e97fb", "812ec966f372dc291fac50844dcb73c05a70135ec77813d251f434fe9bb59201", "841d19a9520e8404bccf0b1efa1e84317791d85d318d9fab4352d3ef53182ff8", "845de6b2f9d31879e80a397fbb73e16802456228e9da394615b066d8a3182101", "87a8babc09b083e166f157b28037d60bb7d7c2771b62ba28f7bf80d1cc27cb66", "87ada3a1d254379b35aec50c568d22d955bfe59ae8fc697f5cd15c1541267fe6", "87f04ef18b3d5149adba027b1a0fe272c0ad5c9c97aaf83bce3e63c7f8547ad3", "87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "8a6d9b80e0531ec12002ea81a264444d43cbe3bb22c12ab7319c95cc8c8a7ac8", "8c40f3b10be794d5ba25b2356413c0e20f8cc7cab1dafd9459b28eae47dcc3e6", "8cfc1b92bd407118d0bd73db4f9767d781efd324763ba8b1ee4b4e67aed6bd5f", "8dd7aa42358224b6584051377617c147be232e917a9b210452d15379cac91438", "8f83a9ed9f29ec40756e77858cd8a1f8d275ffc30de6ac8fc23f0069ae0ae8c4", "91ba81d1ab82561cbbe86b295b38a159170c7d09251ccc3a9359e1988a91ca0d", "91c761263eb9d50de396454e3a8f569cc93f20a53f6240f520b8739110ac1aee", "92d11cbabd79ff2d15fa8d9c5f1af9a91f6ad7aa9f4316681c51ff9d592e3cd8", 
"92f2ec294792600916ebf41a1a8c3436d664a150e13247c0596b110dcba90326", "935939b2b56acd7d6022cadebeae3c33c7c8104201ff93875ffd2725648551e4", "937d953ad57cb1a9f43d8024d4318d387f0740663b52a3e6e5a6e1b20d24d669", "93abb623deb15ad94f95b989852bf4df986c044b0c00749469daa24795d06a55", "93cb938e32aa53b293a6807c32998b3566dc8d5fb4080c7279797cf2df66f3de", "93e38a8c30babfcdd19cc766b35750731179f6ca39c1049086d58a64adf82654", "95f814a551542faf5e52ba0919064eb5090635f7fd0940b84ca7869ebb65c880", "96e98c4ff68bd6253087b36c1d55031b67d2c2e32c779456c65e30bfeb278a87", "997a9ce5ca6a2c92b6e918d36e33eefbb1ca18f943045010131f326ca060c434", "99fa57aed5d9f49f7ca628273eff032be15b7382b7979606c74974ed85ff2479", "9ac2c8ac3234e2d1e8f588d4a6852ba150954d810ea26d1525a14a1f88e5047b", "9b7cd2a783715fbb76d7e81a5e982c597a21f4abee4211ffdb5182cdf9d388b8", "9bf6a9bb30853445e1fd1f01e1dbc86bcbdc5ae59221352004f80d743497a1f3", "9c2d66388ec7b805d18078ff3ed1918f9c6a1fa0fee8359588fe1165a3c531f9", "9d937a51f9b3efc3427e726276680f861d3db0dc145031dcb5c899597fa9cbba", "9e7dfad71b2d8b6b1b3a5ae3b6ac007ee13d902e35b01c1649a342183ab4cbca", "9f2f1dfe39100159910c19cdbf08935526f2cd478ae6a53d1557b55a7d77d499", "a09501bcc0b1c72e9966452ab146f3c91b10c3c59aac0970f91a25e786afed98", "a0ee575740039aea7a994cd900078c2681ce01377e28399ca67a2e8a8ec790cb", "a47d40426a2eec5d97e8abcdab227fedaf308fac5b1e0101ecd074d1fcb44327", "a647c80cecc6cc7d5bc9732c1bad5b696f1167dff34445062b996dcaf70bc25f", "a7390297dca543b3b865881eac7b800e6b45c9b759ae54d042a32de3bdb8f62d", "a8b469439297e8c5995193efbf45733113b147b7fbef41ef20301719c8213304", "aa2c9bcac719fdfdfef2e7b8f28dcc3a5103b71bac02e915f0f5b5ada8a32882", "ae3fb78b30f3980a14f4a5f62604f7ee6987f3f954addadaf5800029de40ba35", "b07f680f33cfa6cb260ea7076560e0014e2cbe081b55918b890cf71b1a33f721", "b11a5d333f729323410212c6ef9424e66a19b29356423e0240e08d0fa731730e", "b18207f625b93ff4a5341a2d73030087a3d70d39363b7498c9785d3c5df8efe9", "b2006bb6812f35ca9f5a71e738c2c7ee55b671353816f7fd8f5edc1ab3a99c71", 
"b31aeb7d42a84d35137e99fa02340ae31c886a66733be494adefbfedf6c7620b", "b3620406b31d8f25e47f9c9308e378b4b051ea649e9f8223e919855abeee89fb", "b3e85640920cb4da9e34308509532db8daecc81dd9decddcf598b9656a4293f9", "b4108ef83d628696525558adcda9004a5f2a52aa932ee0bfd1837375d07ae730", "b4a6c1d8ecb5168484e381b33533e0af87b94081acf9e2ceb9b76ef91fb50964", "b4e43316a1cf4cc5faf8b9abd1326644a4321341a6e93e5877229a2065e22765", "b6eddb9f5baa0a85a9b3fa10ed3f4085c311695dfc300c980faf3ee1bb73159b", "b9f5f468c043286025b57e2f97552c6555dbca90a19ca61c7e1b20d8eca33409", "ba4790ae6a2a9eed4358c1508839d44804044a645c80110df3aecb30d986ad72", "bab7e52ff13759a5f7a029710a085199599a0943400b58b7a3aeccbbad494901", "be59f5a8215a4c9312400cb37fed9223df234818b4725e38118a5d1faeeefaf2", "bf87804e1f9e09d29f3515b52d11a1a69cda9ca2efb1cb814cd4cb91449eeeda", "bf8f48b5ac2f1cd83f02196424aee5c55b3ca521142117cceebf7c1524f284dc", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "c0842affff3c2b94d4b8796f9ca7b2f5605f101db90adae18dca42e5c5581370", "c0ce00f8856b42d4a2d4508098456b3cb074b664124662457e9a75595afd6080", "c2c9b1b74eaa7d9aba9fd304e748f0036ea151005fb47bd663efa388638639a2", "c4eb390725651e249cd830f1afb669280de163218d1db2219ee4480d55a63898", "c4f9754aca25e2ba35c33c2b8326b1b24ed80987fdfdd555e708e1c023912d7b", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "cafb07af246876128696cec697cb7223890735acc0773ffab243f2426402b5e8", "cbef41522b27d19bac7137a898d906d18966d995c76724328d358b00f48a2a30", "cded3e0c21be23b49b1e205f21af473eeb974c720863f3533655977998aa5a1d", "cf79acdfec6764e045d2934eff4afdd002751eeb133753227a2a1fd42d771062", "d065e44fa9602415606d193030c9ac8c167f7ddeaf8f851412360c80d8795023", "d45cca16c6c558ee3240d5004897aa95d0cbaa3b6df17fe73283b304271e0fb6", "d5eb003e05552a60f749379870c6cf6e99303012cfa69fb34ea02d4c21158d34", "d87afb8942847fbf88d11d3fbf5c4e87e2a49eff02acbd75c3f92f87ddaaa6af", "d88b58927b661f8211f6529aa53915b50fb2b18aa3604f827a494701dbf0dca0", 
"d89d501d4295a219d971657ee559a05474f71736ddea013ba2ebf532f56d7619", "da241c69024fc3bd2f1200a6b8d90cccc45f4f7d34517e495d477eb4d71f5886", "ddfd62282607ce057c3f1a1e824fca158399f911d98542719f13b915db468712", "e0b90bd47f3a0cb941748bfb4d06c679d955a2d3305dd71451012624c4860028", "e357d686c69efbcb653d8c6178a4eeeaf48d65ecfce1decceb7a95fb75ab222a", "e4cd21d33939ea49dbf9fdddae314b05d0f0c0140ae38e1ad72b61fd8f434a08", "e4da3bd1202a188303802655a48e00535b0bb324efb8931121960d9b07491daa", "e954c39de53249cbb08df47bb9abaca683802e12e35f204ad9bf722c7e2a4f1a", "eab92812cef69142cc30648c4dbda30dddbf4bd0a83b33227c30b2c3d7f89f9f", "ebf584b889bc7b39bc67ce311018e70271a851a0c6fc3cadc3a8160da1b6c2f1", "ee7faeec9bd5ca5594647e30d5a950bee6ca2d247b332d42e5fd317bd967e5de", "f0d07bc6db44f97feb840983dbd73bdcde5c08c93701ef65929636bbff14df3e", "f1db18cb5286c115ffbe04309ea3c22a33782d2aab30b83ef206602e51a2829a", "f2130551d92ace016cdea75fcf77149829008607a5ebe97b6afec3b5813d435b", "f3981859e4ed77c6dc8b3d0b3f2ff4fa2817b70f8e429136c45f274ce1f63b2a", "f3a1f03f91d5e0698977d91ca80aeb76a8ec4cb8bbf72d68d468b8a03008fb9b", "f43b186a5a8b709f4b273b49b8c3655a18ecd2ca65954fae3af730f05fed8d4e", "f4ffc9f5f68b39da75c38d8a526f4bdd74fd2f371afa6a5d6fd50925c7991341", "f5d840373be2de639c78c2a5782bd36ee76be199cd77d6e3381a8b027c754f83", "f68a7ae5c921dc2976c56aeca5b3f53241b470675bfe475dd82be310c378f8be", "f8300b883aede32c86392f6cdf22742a4b70b266ff3d26375ed805e21ec5919a", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b", "f95d50fc5207c9107f745edfd40f85b0120db98d3f2810f4b9fe6134aa31adbe", "faaab60b17433bb2305aa4773f054dadd7050b7352a93691302af7a7b7c258f6", "fc9eced322e9562bc6cb69d1667ade9c4eb99a410cf4b275e1884181433645b6", "fec34a25c4c25b5f2ad280018ea8180007799ee25a055cf52f47f3d7eb1c4096"], "iocs": {"domain": [{"hashes": ["02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", 
"0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e"], "host": "footarepu[.]top"}, {"hashes": ["014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b"], "host": "zofelaseo[.]top"}, {"hashes": ["04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc"], "host": "folueaport[.]top"}, {"hashes": ["18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63"], "host": "vvorootad[.]top"}, {"hashes": 
["189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130"], "host": "dosehoop[.]top"}], "file": [{"hashes": ["014b3b9e320110980c62166a08832fda7b2bd8a6b095ee18ea8bfe4372caa690", "02909271cfee6ff35f7c9da9ed2354f589247809f4119b46b237c4ba45f02db5", "02ac3145ddddff7fd3e75985cbb8bbe9f094ce01b973d4a12870d009df968be2", "04476696529134b2926b26c0427fb471084227fbaf0104d6e480379f9990bb5b", "071e792d60441d74fc28cc37ec9237a4174242ee4611fb0aaab3356fb3829331", "074afa99c7845566231749b727db862f16924cf84a03a9bad5f8146c13e02947", "078848b174d490b613545f8fbc98ad18543c426916451bfc7aee51fdc2b979c1", "09f7f3c299beb9be5a5f223b6398b867433dd5171045b37dc8be815421e35119", "0a2bdecf39d98dba8eeafad36252d9ae0164032bdc404a8f8da8f27623657fc9", "0e2c6cbee4f20e09c92d2c8534dadd1665eb58f8f5a662ea63a9d9556c5a3bf7", "1033538e6ac46ade3da7b644f3e1d07b5a89dc40f7f58cf6a501e885813fc0f7", "11b707b076bb829d8e86b775e1f005e6bbab3e9dc3efd223a34e46e53ed2f747", "13cf6351dee9bf68beeefa1aa8c003f6bc689303dd19e1e4c8e9dc88d39b82e7", "148173cc7590e62277ad64cf59fea93a556bd0bd578bee8de3628aadcc93176c", "14c490ab9716eac9edbcdf2d9f49f10ac1d431f47ef26f76c37611c5437b91d8", "15ca3df33525ce91e6920ed4621c5deaee74a86b9299123e844d0832a885aa8b", "18767f3890df85eb67b775c4fc37d39116f5e7c59222d430820d9d270508941e", "189abb02afe2a834dfeba5613b2d2f3cefd8143237301be1b8f49d9ed72de130", "18f431c306631e11bdbeb7d45668e12ec9e9a1fc2faf0d8202a5e5d78b621bd7", "1ac3723f78e87ce505114e1204d40da4af14f6470779dc58f3662dc7a1cec046", "1b882e4bf3c0c2b7c7ee7d98ad28a72c94684f0bf70acc34ca3fafcb517bd021", "1da8654cfcc0a2c57d35cb8e9ca50034ea26a4e2a7ede9ba02244c4c030a69e7", "1f567c2e7f5e0e0143259ce8daf14c07d29f6d6d71f227a62bc4c8861f406d63", "202ed2316d5ecbd3670cefcd64c0fd49a577e77d3a61290a78a8450bb7c627e8", "20f92cd40972708128a8e3b31441218de329e59c4858eb3419100c8a6a4de7e3", "53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", 
"c069490aeac1ca7ab17d832261a394323941d337de48aa3c73301cfb21063f4d", "c7f8d2693dd316f1e5f914cdec35d8f2e4b3a30f8b678c5b205623aec0242766", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b"], "path": "%HOMEPATH%\\AppData\\Roaming.eXE"}], "ip": [{"hashes": ["53ff35a06a0c62ee3f669a0a31cfa5b031e82e79e421814f9c5f644968cc5efc", "87f6fb97baf8a4a519fac40f3699fb68dabb12a491bf3ba28673d6878217047e", "f853c15505fe239f4d6adcd81ce4dd4b0747eb3f9b74436e9a4e45469c85860b"], "ip": "169[.]254[.]255[.]255"}], "mutex": [], "registry": []}, "reports_count": 30}, "Win.Dropper.Bifrost-7593600-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "96947aeb886bde239f1ca5e39fb1534afbeef46aa91dac46f448e3a82eee29e6", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", 
"96947aeb886bde239f1ca5e39fb1534afbeef46aa91dac46f448e3a82eee29e6", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "96947aeb886bde239f1ca5e39fb1534afbeef46aa91dac46f448e3a82eee29e6", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-executable", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", 
"a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-modified", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", 
"8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": ["TA0003"]}, {"bi": "potential-registry-persistence", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": []}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", 
"8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "96947aeb886bde239f1ca5e39fb1534afbeef46aa91dac46f448e3a82eee29e6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-initialsp", "hashes": ["8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-dos-header-initialcs", "hashes": ["8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace"], "mitre_attack_tags": ["TA0005", "TA0005"]}, {"bi": "artifact-pe-header-overlap", "hashes": ["8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace"], "mitre_attack_tags": ["TA0005", "TA0005"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. 
Bifrost uses a mutex that may be named \"Bif1234,\" or \"Tr0gBot\" to obtain persistence.", "hashes": ["33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661", "4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "96947aeb886bde239f1ca5e39fb1534afbeef46aa91dac46f448e3a82eee29e6", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409"], "iocs": {"domain": [{"hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3"], "host": "lronaldinho[.]no-ip[.]biz"}, {"hashes": ["78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963"], "host": "zoulou[.]zapto[.]org"}, {"hashes": ["b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18"], "host": "snouci[.]no-ip[.]biz"}], "file": [{"hashes": ["33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661", "4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "96947aeb886bde239f1ca5e39fb1534afbeef46aa91dac46f448e3a82eee29e6", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409"], "path": "%TEMP%\\IXP000.TMP"}, {"hashes": ["33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661", 
"4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "96947aeb886bde239f1ca5e39fb1534afbeef46aa91dac46f448e3a82eee29e6", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409"], "path": "%TEMP%\\IXP000.TMP\\TMP4351$.TMP"}, {"hashes": ["33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661", "4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409"], "path": "%ProgramFiles%\\bifrost\\server.exe"}, {"hashes": ["33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661", "4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18"], "path": "%TEMP%\\IXP000.TMP\\server.exe"}, {"hashes": ["a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409"], "path": "%TEMP%\\IXP000.TMP\\serve.exe"}, {"hashes": 
["78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963"], "path": "%ProgramFiles%\\h4o\\h4o.exe"}], "ip": [], "mutex": [{"hashes": ["33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661", "4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409"], "name": "Bif1234"}, {"hashes": ["4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3"], "name": "0ok3s"}], "registry": [{"hashes": ["33dd43fa4d96ddbfb167ee204c864586150e115579c9cc67964e6dfde5e40661", "4a90db4add682ee08ec03e4145b373503b7a6f23ff34c2b771fa78dee8e44bc3", "68fe7fca6b557da2dc0492b70c44a7a4510b3a1e0f1d4c3d75662cfdc3fa5659", "78fb8c5fd52940a7188f5e4788bd05d4a9d83faa78bb22e23e20cabdf839c963", "8374b6d974e93d0b728514bb2f5db7dfb4b32969e15b7362c4c260e68fbdcace", "90e4cff29fc9df5cd3bc27bdcc5dcbbed7cc391d45ce38a1826e111aacef0a79", "a4d8e5d6dbb820150af6bb616fd2673167b477cd711afaa5484c630c18f5bdcb", "b91894048d0a84b1aea9ce9b947f4b32b5b0b8bb690b5e1f0010e5964b7bdf18", "f04c620d94e41e30acdbe1c18f6df6fae97fad15d437874d9ced40d8402b9409"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wextract_cleanup0"}]}, "reports_count": 10}, "Win.Dropper.NetWire-7597088-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", 
"3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", 
"52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116", 
"82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", 
"0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", 
"e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", 
"dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-file-in-user-dir", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", 
"3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": 
["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", 
"c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0006"]}, {"bi": "enumeration-browser-information", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", 
"c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0007", "TA0006"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", 
"cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004"]}, {"bi": "malware-pony-stealer-detected", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": []}, {"bi": 
"malware-fareit-file-activity", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", 
"340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004"]}, {"bi": "deleted-submitted-file", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", 
"53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "compound-vb-self-delete", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", 
"cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "files-deleted-used-batch", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", 
"e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", 
"c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "mitre_attack_tags": ["TA0002"]}, {"bi": "pe-invalid-checksum", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", 
"3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": 
["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-compound-cta-activity", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "mitre_attack_tags": []}, {"bi": "malware-netwire-artifact", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], 
"mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb"], "mitre_attack_tags": ["TA0002"]}, {"bi": "sample-pe-modified-on-disk", 
"hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb"], "mitre_attack_tags": ["TA0005"]}, {"bi": "startup-folder-modification", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb"], "mitre_attack_tags": ["TA0003"]}, {"bi": "startup-folder-vbs-file", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb"], "mitre_attack_tags": ["TA0003"]}, {"bi": "modified-executable", "hashes": ["752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", 
"f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", 
"1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "mitre_attack_tags": []}, {"bi": "malware-netwire-mutex", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": 
["4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683"], "mitre_attack_tags": ["TA0005"]}, {"bi": "netbios-query", "hashes": ["340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-malicious-snort", "hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-snort-malware", "hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": 
["340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-snort-policy", "hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "http-response-client-error", "hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683"], "mitre_attack_tags": ["TA0011"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683"], "mitre_attack_tags": ["TA0005"]}, {"bi": "unsigned-roaming-execution", "hashes": ["579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": ["TA0005"]}, {"bi": "windows-crash-tool-execution-detected", 
"hashes": ["ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": ["TA0003"]}, {"bi": "network-dns-safe-categories", "hashes": ["dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-communications-smtp", "hashes": 
["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-smtp-spambot", "hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "mitre_attack_tags": ["TA0003"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "NetWire is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, remote desktop, and read data from connected USB devices. 
NetWire is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", 
"dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6", "ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89"], "iocs": {"domain": [{"hashes": ["4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829"], "host": "james7[.]serveftp[.]com"}, {"hashes": ["53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460"], "host": "dualserverz[.]info"}, {"hashes": ["0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683"], "host": "myp0nysite[.]ru"}, {"hashes": ["3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0"], "host": "uzo123[.]serveftp[.]com"}, {"hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db"], "host": "api[.]w[.]org"}, {"hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db"], "host": "gmpg[.]org"}, {"hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db"], "host": "web[.]whatsapp[.]com"}, {"hashes": ["23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "host": 
"gypsypy[.]duckdns[.]org"}, {"hashes": ["1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d"], "host": "bags[.]mn"}, {"hashes": ["340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b"], "host": "pornhouse[.]mobi"}, {"hashes": ["52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8"], "host": "opixib[.]bid"}, {"hashes": ["579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda"], "host": "bishop123[.]ddns[.]net"}, {"hashes": ["d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a"], "host": "papergang[.]ru"}, {"hashes": ["dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68"], "host": "tizardns[.]3utilities[.]com"}, {"hashes": ["ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4"], "host": "eorul[.]com"}, {"hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db"], "host": "sistemacplus[.]com[.]br"}, {"hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db"], "host": "www[.]sistemacplus[.]com[.]br"}, {"hashes": ["4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "host": "frankweb[.]club"}, {"hashes": ["82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6"], "host": "usbasri[.]co[.]id"}], "file": [{"hashes": ["03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", 
"b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460"], "path": "%TEMP%\\-.bat"}, {"hashes": ["3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68", "e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829"], "path": "\\TEMP\\.Identifier"}, {"hashes": ["0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\filename.vbs"}, {"hashes": ["4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", 
"f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829"], "path": "%APPDATA%\\GHYTRFDRTTG"}, {"hashes": ["4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829"], "path": "%APPDATA%\\GHYTRFDRTTG\\filename.exe"}, {"hashes": ["23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda"], "path": "%APPDATA%\\Install"}, {"hashes": ["23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda"], "path": "%APPDATA%\\Install\\.Identifier"}, {"hashes": ["3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\wind0ws.vbs"}, {"hashes": ["3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0"], "path": "%APPDATA%\\zqxhkpjwc"}, {"hashes": ["3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0"], "path": "%APPDATA%\\zqxhkpjwc\\wind0ws.scr"}, {"hashes": ["579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda"], "path": "%APPDATA%\\Install\\Host.exe"}, {"hashes": ["0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb"], "path": "%APPDATA%\\subfolder"}, {"hashes": ["0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb"], "path": "%APPDATA%\\subfolder\\filename.exe"}, {"hashes": ["ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116"], "path": "%TEMP%\\99a0_appcompat.txt"}, {"hashes": ["23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "path": 
"%APPDATA%\\Install\\juyr.exe"}, {"hashes": ["579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda"], "path": "%APPDATA%\\FGBHYTUJIUY"}, {"hashes": ["579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda"], "path": "%APPDATA%\\FGBHYTUJIUY\\filename.exe"}, {"hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "path": "%HOMEPATH%\\obgtcgwm.exe"}, {"hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db"], "path": "%TEMP%\\711562.bat"}, {"hashes": ["4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], "path": "%TEMP%\\734171.bat"}, {"hashes": ["82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6"], "path": "%TEMP%\\760328.bat"}, {"hashes": ["ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116"], "path": "%TEMP%\\AA1AE.dmp"}], "ip": [{"hashes": ["0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683"], "ip": "194[.]4[.]56[.]252"}, {"hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "ip": "104[.]215[.]148[.]63"}, {"hashes": ["23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "ip": "192[.]169[.]69[.]25"}, {"hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "ip": "111[.]121[.]193[.]242"}, {"hashes": ["82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6"], "ip": "103[.]60[.]181[.]238"}, {"hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db"], "ip": "185[.]201[.]10[.]1"}, {"hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "ip": "103[.]48[.]6[.]14"}, {"hashes": ["1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db"], "ip": "191[.]252[.]63[.]14"}, {"hashes": ["4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d"], 
"ip": "68[.]65[.]122[.]86"}], "mutex": [{"hashes": ["3af3f307c5b1aaa3a45720cfae69ff81460dce4c9da0dea8c87a47a17faaa4cb", "4265eab00295ca620c827e71be4674ee18570027ba01269a36604066b92f1920", "4d26a04fe07e1059cef86588306026a39acbd96796a2a971bcc1d6bb3be4637e", "579b412e9a175250a6f4248685924ad260b23ef4757173bea04ef62397027eda", "752a6eabbd0eb73ed88633b288cde00fa4d47f66bbd42196d8631d5ff7525e53", "e8d68cf0d3aa0a33a8f8b36a25512a98b649d2554f2732bfb787d4c2b850d1e0", "f36eb9a8443fbc082be91b42183e3349e0bc2c19980581011ce42d5747ce5829"], "name": "-"}, {"hashes": ["23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "name": "jpbuqnlp"}, {"hashes": ["ba96661424707f2d430bf9d5e8c915c6925363b163f7ad9855b8f72255615116"], "name": "Global\\54220ec1-56cd-11ea-a007-00501e3ae7b5"}, {"hashes": ["ff7fd2b347204d2196966910d7a77a54085f2bca77ac4b06e7d29f71a66b7d89"], "name": "Global\\10d125c1-56cd-11ea-a007-00501e3ae7b5"}, {"hashes": ["dcad45ed0d9cf9e7e9e626954e7baa68c585fdac8d2009aed36a6c669a67ac68"], "name": "thxETPfM"}], "registry": [{"hashes": ["03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", 
"c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6"], "key": "\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", 
"e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6"], "key": "\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", 
"1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", "82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["03626570f585d84e55af0ce856078e9276419d199f905c54bddcd8b22ed59531", "0fcd763cf9aacfe72a46b379a1b58234f969767077f0e58276d0c8496c780fcb", "1aa57ab794a26bf3e5ffe959a232d76d0bbceae45b4e4a95cd0020b9544c6d0d", "1cc2d9b34a545cd02771bf80cb5023dfbab5218c1e7de07625ac1acf7b2547db", "340e9f8c35eddc59064c602be4236f21168dca61b719c27c0663b79cef103a8b", "4a9d1b415b5882f72096da7178edcb29748bc3307e3ae1419c856746eae66e8d", "52f425836ad69e22d7594ef0b3ee22ecffd021a111e30f5dc9fc5425f6e0cac8", "53d97906225832b310be044db70b6287ed3a20d23f43a4f4d4e0b6b2c13c08a8", 
"82c60953f478ac1f71ce1dbc4902c08058b20391915d32bb13ff8ff7d523b5b6", "8761ab62984d012f514ec6ba9db5dabaf547729351c2db0d5bdcc3938a0381eb", "9a2f9de8fd437e175e94688d9e84e77e2803d4b2c9d110a44597dead122484ca", "b7082b2820ff5e857b192f79a6d4fbfe55f66bd309bdcea06d9d8b214a3b4923", "b9ba565eafc1c0d837bdf9e83e4be40c4966e8f9d23640b01c1a4a9caeca97a8", "c2f508a2d916a56c96985298988ac37e7352b013acfb30e142f13d7f998054f7", "c602c39491544712670f4ae93ffaf76beeb2eb86d4d1ac55bbcc25852a3a260b", "cc4378d3d98efcb04fc4ac8071fa68e1a55b95b23283bf2dabcc74a593633b38", "ce4b1e164c11a1cc3044cc0426f24eff4ed6149938cce855c116df7d21e4fef4", "ce74f6cb804c6a79fb5116681ad1213a3817ddbf36764a77a7390c9695e5e683", "d7bde929dbca9c1fd78a316e06b1aa2fce8941458fb5b39ceec35a3e6f49186a", "e87616e2107927082b5e15fd6182b2195a9b5b145b64ab86ed9377a05ef984b2", "f035cd43f031d6f6da06deb705da415337dec5c9d6ed402efbae98ca2a66f460", "f5aa5c10608e790ec4b2d79590b3ab1000560f211a52223972869937c354c3e6"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["23184d75b8da1d8098ad7781ddfc7b6ef77fdd829adb43983cac9f179ba38750"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mkre"}, {"hashes": ["82398b467b0d2d2f55111a2595fe665e416f9ee7fd47fc9ddb948a4d2f754bae"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MSConfig"}]}, "reports_count": 34}, "Win.Dropper.Upatre-7594799-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", 
"0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "modified-executable", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", 
"087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", 
"2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", 
"061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", 
"2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", 
"40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", 
"00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", 
"28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-domain", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", 
"2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", 
"32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", 
"32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", 
"3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", 
"3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", 
"bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": ["TA0011"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", 
"bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": ["TA0007"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", 
"3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "pe-uses-fasm", "hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", 
"0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", 
"2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "41916cb900bb136db3075fcbcd3ac8a3dc5fde0a13c7e453fb6b11b3bafc8e5d", "4386803b1c154c636031265f233dad485dca8b16eb68df272aa20e82fa0467c6", "46fe38b78353cb5a40e661ee5c092c8e6a2fbea78bab2cd2012f564599d1b28e", "47f11bfc1842899b145311c7cf647c3c3103c7700cabcd7183187f28cd8a6ec5", "4d206d03a741c1492c8361da44be7bdcb0a1529baa6ece6250a803e5d330a442", "5135785f9508e9129a496af44d5294c37f414df789583ff7d67a0748a3fb9154", "54619c2a7af9af6232fc2dd6a2c3dd268e516bcb0b430b5e92780bfa714c0d7c", "56ec5627b09a5ff4a41fe99da57800d135609978614c9a529997f56e44ee65e7", "577c7ee597ca2102e07cb410134a7903dfdab3f46d5481fd7070f5d2f2c00b3a", "57fdec80f020ee81f315d69ea32efec8d1f7e8821827e5364c4ccaadd1c64243", "5be6c4760ce95c6d06786eb9407e43fbaca8d4a7a4618828e93e68504fde34af", "5dcf30c16f71bcd4bc19011a821efb16c272c03e50fe984b3e965df039a6aebc", "620bda9c7cd31a588807b99ac79830e59b7cb8cfd423c1e2a915a9aeb3101280", "634b122f925ac3c85e2743cc8aaefcac94f14ce31ad71793640f46d21fc03d32", "63ebb69f0b5dbe16634f4109f348eb9b416d9b31d7fa5f1a8cedf0d7fdfbd1ec", "648abbb5da2e9825194ca74b79c38e458ce2b1ad29067782da721990ce19b01a", "66d0f92dea8382ad0cbe5a9e4b3e156f4127b1ac3f5e2afbdbd8a6b7b74d4b61", 
"6940ea2354df5e01fe2406f8b1ac67b7846046e2f99ebb212d4b62f34a26c35d", "6a33bca3a82eab461a2f48e0c0121b9cb46426e219ae1dbd83973a7c86586b15", "6bfa86f3f5c77ce4e34a1a7aeafdfb4ae9fd0fa473bf5e8790193a9a3f5e43d4", "6cd1f89b167acedcd662e559340293904356df2b7ab853c65831a68bcb1bb8a7", "6eb24d950a508d3069c6ab0c044d06adf89a5788f70759691b23480bc99fd630", "6f5e14de35390f852cd3871b437821c6b3c8736872115cb7b00501921a7ecfdc", "707bc13ae00fc9adf559a8d9caa801589d6f2dfe044ada3b9f67856dd049efab", "71ec9fe7632117501aa3fc284830ec790280840cf0a2f675966970b440267d2b", "72cc5394bd3f06bface367ce41824cce6f406e1bf612d49ed91e3a3a5d5c86cc", "760d0d483a50354153c8e70ecab7d8f9a2004771f9dadb228574d968af0cfa6c", "77e2282d5eb601d918f8a1cfb7210c7579bff1cb011e49d1dae5c124cbe8ef25", "796828b76db6091db4bbb2a3d07f17db052e07d48502735266a023b9ed410c13", "7a3fdcefcf8ceb0a40884fef59837ae79270c3fbf56648681c0e51df133478dc", "7a993b2eddd9c2c24de8558dff6c2a0ad4fb6f49ce38790716055698b7a16b9a", "7d143edeba75bc7a1425c838c7e58bb6a9ac776b6f2d385325c8263d3c0d5373", "819842b1361941a5ac72bfe4afae4cec2dafbe76a84691cc8a863e1dc3aeceb2", "83263f82e82324db378b56a4fd8bad484a5babce86ef0b21ad7505989700c1a7", "83407c05925abfeb68d9f9037598ffb7163abfbd43d95e65f6882c9f2b3d0a12", "851b89b5b6d54178bbf004842b14534bd0e61d9a6ac6bb3522e2adf4bfa7f80d", "85c8f080484e2c25a4bb3ef9a7bf05e4ed9584ed0b79798f9c189727e1471ad3", "87a36cc0e7ade33b52b8e082bdd1d5bee22e47cb663400b61bf2f9bd21d12210", "893993dad58493b577322f9a14a29952aa4aa0a0a4ab4913871657cd4572c785", "89571b0d2759d54bbe5b401588d3736937a67839176d0a75eebf4e6856b03084", "89b6886945bcaaa8e33f722d666a388ed9061adbb829cdf024bb52982fbf0ed3", "904ead1db4a22a584fa077db7228d74f03a14c71744c6e59b84a4890ce120ad7", "9164d66d89ae4ae9d377bb4f438d36d67824feff9c4ec3db6aa3a72e8d0c4220", "93dc53829a79d62c8c7220901dd34c746c2f7904f0ec9a3979051e95d8fce054", "96834e3d779d0ac750560c410bb39ab11560a9831e51d96e53e743bde1db8320", "992e474ccbd1ee497d02950d9c604cee37209515ed709b8e54817a85fe7b2523", 
"99900feabcea282567b481761cacf70c1a8e38426f3a8f595a7b82732f3350d7", "9c039ada1d5a0053ac6d5fb33de465d347097f58e5344d6f0af4c7d81735d250", "9c1ec853385c306336eb06f19b2aa010f296b7fcf08e8202ceae552bb69bc956", "9cff74d69bd1d9aa27b4c2ffa6a2cb1b0b5978585ca679fef59b7fc581c3a530", "a13e47d7c906083f24369c40cbc320e0d75887c56502704fb339f5ebc6ef81aa", "a348908f893cf06ce455eb511f3d3b252ed3cd001cdfff427aacfddc96ab9fb4", "a589e2e1a576728c8cac38f940b3c24e545f9be328982ba3cb26cb9afb4c6630", "a63878257e1bdcf363b22f2eb345891b30fb84c4294358735d2d45e494e46228", "a6d8fad587fc3298ae8e9e1f625ab89e329d4716f738b2ee2923918a5b67caae", "a75cb005f3e3013ac4d9a58ee3595f06ace36a7735352851c848ba0be4a2192e", "a7a200d446ed8a4babe796a8c18a1ede13ac04483e769a3c954cef521061d996", "a90ffca80f360be52b6ec1c81f357d8e7982670674dde7b2b2c3d2f248e29213", "a94f571f54c01a81c69d5f9f537ac29bb1834eccb395f3e9a0d58c04dfda2cd6", "a9d46bee253f2c4291aff0ccec6d4e9bae82ae906ab8f468c9627545af15dd1c", "ab1355ff70784de2bae5cce0b7f2835f0d87dea2c5a96d6c907f1c6d871e9b2f", "ab8cff6a6ed639216bd6dfaaf2f879067f165a42ca21cdfcc48c94200a27ddb2", "ac0f4cb63df00263229cd31022b5db3655539d30063a6fdd665971c40d4d9a37", "ad509739c774ce772eb6d3bc9ac21164acc5906bcac158e38d444d33b9ddbc29", "adbbac9926f87ce720abf90e31f12e01ceeab666cece8a5af344de12fae00700", "b0226cf87c4e5e228f1ce1f90514767dd3834a2ee3ab3ca37cbc67a237194eb0", "b13444bbfc700383a92eec3446008f1978f94d1fed8399f99ac4f70f74f2fa49", "b17280d4f0a47c0a9a776af64aa0398a0c06bde4439e606b523af4497da033d0", "b2e60f46ab704347af0200e07ddbd1052e8873e4858559e6ece4775945232af1", "b39d9e41e3eab087120a8ae35b383917f3fd0862f272b1b12206d8b7c3ee69fd", "b3ac243e100d56ec0c56436e4f6597b82d1ad04d65cda0048de1c09a52baf80c", "b3c37abd33ac3e67d65543b038b723c590b5b25fbe3c8f5e2a6c51bbbe6bef8a", "b545c9d0ff07754fd796cda828d66b93c46e1f552c3e7700f8705321871cb098", "b60b9aeaaccbf5712839583ac324c068a57461ab069dc5ded3a144dce7008986", "b6c67530722ade19050f19f524297f3bada123ac5fb7db3d61d5fb22bb555d0c", 
"b9c6b2d458a43e0cef4a6cf42e5c1b38f94dbaffa733dba1619a8a6578faa92a", "bd12451ec3eaddb561369bfbf6e03583b709b08e487d032c0ed972ee35cb75b3", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "bf52d308cbed44b121bc15152093d72bef821f6549db43c3fa8f57b7a3253e98", "bf552f8aef3ca4afb678cd077aabbd41c224588ab5ebbcdde47a34ed7271c9d2", "c016ca6d8204002ece55470277d363633cd37d4cac911dca153cf71e936d26dc", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23", "c6a2e22330efa2339c4c1434a66e0fa2aafb9f0ddf545666be81d2cd89fc4d5c", "c90d28363b9ace289a2adadd3520f8f3ff7d7c3068c4120726abbad960dae58d", "c9161c95a96553ac9b7c26414ccb2c666fd682306c845bc1a65d75c7c604d703", "c9e3295a8e50b9610a14fd0d4178e052fe927b91e1062cfd6a0b58826f8386dd", "c9fb7e1a349ea8cc2a55d8f0b6ef013b3fd8daba5dec9d3f4c6e5f7252707e42", "ca6ec5e47738146001532f41e5ee6d1e10184c00c5e586ecc5cb218edb8e937f", "cb4f7d83038e7244123923bfaf971a0642b7243d4ce05f4b1c8acc7049df456b", "ccda9fdf044b1ee708c3037788453beaee28dd6e1e71bbe3fb9a48ea42cc148f", "cd65062a44186cb554693c3836de1cf63f373b3aff882ad4c249f09ceffe5a55", "ceb31a59502319c7060afa56b620a03ca6c855fde575ce7e3167eda80753ca0e", "cec1e4abea2520d63f08b4dfb82d690c91fbec44492ace258fcddab042a28f05", "cf49fa21729a9c37f9ff25e7063232c74e60fd5d550701b4892da1b069818d20", "cf5b09dd8801c0f906213445d7b994bd7053c0c40c754f34735810f9ff16de14", "cf8026d02829c236553332090277c42f7d59cf8004c669f1cbf4000dd56734c2", "cf9469b1623a730a565872fb6561ae58b92a711a9e77c1b0c3adedd8c8d52c9f", "d2019b70287672ef8b2bf73baf72cf1aceb5ef08eeaf7685c981a67318b8f565", "d63c7d944a6e4b18b74300d7bbdfb965839d7a39a8c75a5bbb86fcc33d5687e4", "d718d381e85cc033691635419fd6ba80bb6d30dc6fed9fba171b34aad25d167d", "d77990f579923de29b0bea9ffaa5ebc6bda316537bacd08e4d61652d62289fd1", "d9ca69a371273fd50a40b9633de4f77506027a1c00eba8d91ade295e00b0fe11", "da3e60eca2357a775b43a2bcd3be1a9253f94f1362fba79437735d8a7b570ec3", "de599a1299318555a50c37054303821566d9e4c0f5061159547f0864ce57946c", 
"df7d1ed77ad94196401e80a5cdd891ff6652584775e12ce4572593fc849883ee", "e297f3a9bda76afb26ec7ef560902d1612482ecbb486deaa7f2199eeebca1065", "e49eaf171ff62b8e90f900b0b1dcd80d8da27f7c5274fdf519754f3f57b0d8c3", "eb9e922917400f6c456f6e65af57f7cdd23ad4e35768837ea4de8c7c51c642fa", "ec8eb4bece8fdfba36d957565fd756be3aa6dd52b6d062e75d2510eca7bbd129", "ef4cf7c4c565ca1bbe06422919d16ad1abc55c0531610137fe5119f1242ca682", "f0e6c1aad9c34b7763fd80785025bc3fa3d91adcad8cb42a329ae8982a3cf7da", "f12a179dcde1a09c78a306f205a8afeae08785e618f130dad9f43dc7958bc88a", "f93b671a01f5a01ee74279475ec2b5680ae1c686da0b2cf8f52ad71ed69c9262", "fc816a49f72a0d433cfcde7d74a0d988658d657b20081d1c2ff9724583bc007c"], "iocs": {"domain": [{"hashes": ["0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", 
"339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23"], "host": "icanhazip[.]com"}], "file": [{"hashes": ["0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", 
"3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23"], "path": "%TEMP%\\murzuja.exe"}], "ip": [{"hashes": ["0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", 
"3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23"], "ip": "38[.]65[.]142[.]12"}, {"hashes": ["00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81"], "ip": "104[.]20[.]16[.]242"}, {"hashes": ["0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", 
"2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714", "2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23"], "ip": "104[.]20[.]17[.]242"}, {"hashes": ["061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6"], "ip": "96[.]46[.]99[.]183"}, {"hashes": ["087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01"], "ip": "96[.]46[.]100[.]49"}, {"hashes": ["00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8"], "ip": "217[.]168[.]210[.]122"}, {"hashes": ["00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8"], "ip": "81[.]90[.]175[.]7"}, {"hashes": ["0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e", 
"32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c"], "ip": "176[.]36[.]251[.]208"}, {"hashes": ["0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01"], "ip": "109[.]86[.]226[.]85"}, {"hashes": ["12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81"], "ip": "68[.]55[.]59[.]145"}, {"hashes": ["12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81"], "ip": "37[.]57[.]144[.]177"}, {"hashes": ["20833a3aa302aa6e67bf9a527e6b61f077b0740405231b1df53a7c6764558b6f", "2fefbeb2b24e4114fbf0eb5e6cbadd214c2d6a846aba2c776a1f1643cc26c6e6", "40ef4e2cc593c02e1f0c92e495ba7b76386e9e694e70707d681e4e8b0e3d5b01"], "ip": "64[.]111[.]36[.]52"}, {"hashes": ["061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3", "087b88d444146ca59a3c728f0c2a4a531ad7a2dbc3639ed84ee408bf6215d8ac", "2499f88be18379c4d00539250b0524632521fb7858baa0eca4bd807a9a05e908"], "ip": "66[.]215[.]30[.]118"}, {"hashes": ["0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768"], "ip": "72[.]230[.]82[.]80"}, {"hashes": ["0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087", 
"40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768"], "ip": "104[.]174[.]123[.]66"}, {"hashes": ["0079acd8e4919c1d944690ed62db665df7ee2033f0788fce8819dbd1dc52b495", "32434dcee2ab34dccea41dc4946094c49c85fe698a1337566d200eb83ed2edc2", "3ab907d9ae4834ad819d9b0c22d15ae37acd43af4deff184d90fed1ab9abee6c"], "ip": "24[.]220[.]92[.]193"}, {"hashes": ["00acff5b0b1d66f3518cb494dd25453245dac6bcf7445f572138b216dc60dd5e", "24b01c67de3e123e84dc436772999cdf49f63bfea5367b9508a123d9a2b9bb20", "28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861"], "ip": "84[.]246[.]161[.]47"}, {"hashes": ["111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087"], "ip": "216[.]254[.]231[.]11"}, {"hashes": ["111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087"], "ip": "69[.]163[.]81[.]211"}, {"hashes": ["12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "bd14689becad988ac4207c3457a82af602775cbbd1674c36724840be6b899b81", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23"], "ip": "77[.]95[.]195[.]68"}, {"hashes": ["28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714"], "ip": "76[.]84[.]81[.]120"}, {"hashes": ["28a49addd94f0a2a849a1b9304fcf408ac231a65f1f21f667f1b962a0b9a7861", "2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714"], "ip": "85[.]135[.]104[.]170"}, {"hashes": ["2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", "3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c"], "ip": "24[.]148[.]217[.]188"}, {"hashes": ["2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff", 
"3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c"], "ip": "98[.]209[.]75[.]164"}, {"hashes": ["111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "2a67adf844b4e0ea5cad4864680231f8724862213d1416155675739686450087"], "ip": "24[.]33[.]131[.]116"}, {"hashes": ["339d409e062631e1e64bf39fd0d6d61a92a98da179a69463fac1c374b4d328d3", "3c6b988b8af205e01b2c6ce71e02826478a29c091badb34a2f86e0b196fda1ee"], "ip": "95[.]143[.]141[.]50"}, {"hashes": ["111cc7917516def507f0fc251b26a34e20507848a99405ddd8160bf409026679", "13c52d814547e6ef4379d980f95bed78b3d40b39a279573b9e049fb5099fff5e"], "ip": "173[.]216[.]240[.]56"}, {"hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587", "3b60c441272ef1ef1520e8295c583ad4abfb725f4ac21b26c774ea8fd0793cb8"], "ip": "81[.]93[.]205[.]218"}, {"hashes": ["12fc0b95918c16ada8f0833f544a07611f30f85211c9a77c73a249ce045b81bc", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23"], "ip": "77[.]48[.]30[.]156"}, {"hashes": ["0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768"], "ip": "64[.]203[.]121[.]6"}, {"hashes": ["0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768"], "ip": "173[.]248[.]22[.]227"}, {"hashes": ["3b90fe50da30f4c4a11687995c861586d9365c8cfab3ea0f9738f1254994cd9c", "c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23"], "ip": "76[.]105[.]248[.]137"}, {"hashes": ["0964da3037876a30f6d12b9205eea90a49b9bd63d603e052b7949b9abc0a1163", "40f3d8368c69f76e48aa4e23b621b8acd9ca694f1552741aeadff450656e1768"], "ip": "173[.]248[.]31[.]1"}, {"hashes": ["2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714"], "ip": "87[.]249[.]142[.]189"}, {"hashes": ["2b2ad88f7c73ed799197300e4c83ec7833fd6623d2c561690f9a1390de312714"], "ip": "194[.]228[.]203[.]19"}, {"hashes": 
["2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff"], "ip": "98[.]214[.]11[.]253"}, {"hashes": ["2f3520224d08d4ce69596975e6d3e4aad40ebbe2514dc4acf30f97df967efeff"], "ip": "66[.]196[.]61[.]218"}, {"hashes": ["2347db85b21ae8dc4acbf72ff8c60d5793c27bc6e067fd394f2b8e0d16a50587"], "ip": "81[.]93[.]205[.]251"}, {"hashes": ["061a443b28bcfb65d9bf4535e28e8d069a57b3b02b7313ce724ce7d65ace6cc3"], "ip": "68[.]70[.]242[.]203"}, {"hashes": ["c1d786b8f78b63e84fc718fe9ba4c27390004d529709898d5eba9ca7444b1e23"], "ip": "173[.]216[.]247[.]74"}], "mutex": [], "registry": []}, "reports_count": 27}, "Win.Dropper.XtremeRAT-7594794-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", 
"2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", 
"2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", 
"6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "potential-registry-persistence", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", 
"d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", 
"4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", 
"716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-xtreme-rat-default-mutex-detected", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", 
"4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", 
"ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", 
"6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-file-in-system-dir", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", 
"064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0003"]}, {"bi": "process-with-multiple-children", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", 
"ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], 
"mitre_attack_tags": []}, {"bi": "malware-compound-cta-activity", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", 
"064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0003"]}, {"bi": "created-executable-in-user-dir", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": []}, {"bi": "excessive-process-creates", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0002"]}, {"bi": "pe-invalid-checksum", "hashes": 
["18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", 
"716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "mitre_attack_tags": ["TA0003"]}, {"bi": "registry-activesetup-key-modified", "hashes": ["ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "mitre_attack_tags": ["TA0003"]}, {"bi": "decoy-wpfv", "hashes": ["18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44"], "mitre_attack_tags": ["TA0001"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", 
"4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-safe-categories", "hashes": ["ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "dns-query-nxdomain", "hashes": ["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": 
["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b"], "mitre_attack_tags": []}, {"bi": "network-dns-category-p2psharing", "hashes": ["4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f"], "mitre_attack_tags": ["TA0003"]}, {"bi": "deleted-submitted-file", "hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "mitre_attack_tags": ["TA0003", "TA0003"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "mitre_attack_tags": ["TA0003"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "XtremeRAT is a remote access trojan active since 2010 that allows the attacker to eavesdrop on users and modify the running system. 
The source code for XtremeRAT, written in Delphi, was leaked online and has since been used by similar RATs.", "hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "iocs": {"domain": [{"hashes": ["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b"], "host": "in4ta[.]hopto[.]org"}, {"hashes": ["6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34"], "host": "xtremerat[.]zapto[.]org"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "host": "chrome[.]myvnc[.]com"}, {"hashes": 
["ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4"], "host": "antilove[.]zapto[.]org"}, {"hashes": ["4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f"], "host": "lifefornoobs[.]no-ip[.]org"}, {"hashes": ["4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f"], "host": "trancegend[.]servehttp[.]com"}, {"hashes": ["2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "host": "paxromana[.]no-ip[.]org"}], "file": [{"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "path": "%APPDATA%\\Microsoft\\Windows\\.cfg"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", 
"14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "path": "%TEMP%\\x.html"}, {"hashes": ["14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "path": "%SystemRoot%\\SysWOW64\\InstallDir"}, {"hashes": ["14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", 
"effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "path": "%TEMP%\\~PI.tmp"}, {"hashes": ["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4"], "path": "%APPDATA%\\Microsoft\\Windows\\.dat"}, {"hashes": ["14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "path": "%APPDATA%\\InstallDir"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "path": "%SystemRoot%\\SysWOW64\\dllcache"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "path": "%APPDATA%\\dllcache"}, {"hashes": ["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34"], "path": "%SystemRoot%\\InstallDir"}, 
{"hashes": ["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4"], "path": "%SystemRoot%\\SysWOW64\\InstallDir\\Server.exe"}, {"hashes": ["14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156"], "path": "%SystemRoot%\\SysWOW64\\InstallDir\\dll.exe"}, {"hashes": ["14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156"], "path": "%APPDATA%\\InstallDir\\dll.exe"}, {"hashes": ["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34"], "path": "%SystemRoot%\\InstallDir\\Server.exe"}, {"hashes": ["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).cfg"}, {"hashes": ["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).dat"}, {"hashes": ["8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec"], "path": "%SystemRoot%\\SysWOW64\\windows"}, {"hashes": ["d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "path": "%SystemRoot%\\SysWOW64\\dllcache\\msn.exe"}, {"hashes": ["ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf"], "path": "%APPDATA%\\InstallDir\\xyzl.exe"}, {"hashes": ["716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b"], "path": "%SystemRoot%\\SysWOW64\\dllcache\\xxsnd.exe"}, {"hashes": ["d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "path": "%APPDATA%\\dllcache\\msn.exe"}, {"hashes": 
["716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b"], "path": "%APPDATA%\\dllcache\\xxsnd.exe"}, {"hashes": ["ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf"], "path": "%SystemRoot%\\SysWOW64\\InstallDir\\xyzl.exe"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "path": "%SystemRoot%\\SysWOW64\\rar.exe"}, {"hashes": ["716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b"], "path": "%TEMP%\\510photo1.jpg"}, {"hashes": ["716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b"], "path": "%TEMP%\\510photo1.jpg.exe"}, {"hashes": ["effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "path": "%APPDATA%\\InstallDir\\vobl.exe"}, {"hashes": ["effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "path": "%TEMP%\\765DCS032.jpg"}, {"hashes": ["effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "path": "%TEMP%\\765DCS032.jpg.exe"}, {"hashes": ["effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "path": "%SystemRoot%\\SysWOW64\\InstallDir\\vobl.exe"}, {"hashes": ["8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec"], "path": "%APPDATA%\\windows\\win64.exe"}, {"hashes": ["ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b"], "path": "%APPDATA%\\InstallDir\\vlc.exe"}, {"hashes": ["8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec"], "path": "%SystemRoot%\\SysWOW64\\windows\\win64.exe"}, {"hashes": ["ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b"], "path": "%SystemRoot%\\SysWOW64\\InstallDir\\vlc.exe"}, {"hashes": ["8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec"], "path": "%APPDATA%\\windows"}, {"hashes": ["4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f"], "path": "%TEMP%\\system"}, {"hashes": ["4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f"], "path": "%TEMP%\\system\\svhs.exe"}, {"hashes": 
["18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382"], "path": "%SystemRoot%\\SysWOW64\\dllcache\\update.exe"}, {"hashes": ["18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382"], "path": "%APPDATA%\\dllcache\\update.exe"}, {"hashes": ["2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "path": "%SystemRoot%\\Install"}, {"hashes": ["2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "path": "%SystemRoot%\\Install\\zeax.exe"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "path": "%SystemRoot%\\SysWOW64\\dllcache\\Bigs.exe"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "path": "%APPDATA%\\dllcache\\Bigs.exe"}, {"hashes": ["2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2"], "path": "%SystemRoot%\\InstallDir\\skype.exe"}], "ip": [], "mutex": [{"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", 
"ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "name": "XTREMEUPDATE"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "name": ""}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", 
"189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "name": "PERSIST"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", 
"c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "name": ""}, {"hashes": ["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "name": "((Mutex))"}, {"hashes": ["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "name": "((Mutex))PERSIST"}, {"hashes": ["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "name": "((Mutex))EXIT"}], "registry": [{"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "key": 
"\\SOFTWARE\\", "value_name": "ServerStarted"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "key": "\\SOFTWARE\\", "value_name": "InstalledServer"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f", 
"4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "8314a980d82e0c0abd2d51c44bbb9fcc0eb0d388e730d97e30b2d4abd8ec35ec", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "a0624e016eae6a07df74d75f4ff1a240c7502ce3e104a1df10ce3d8cd317815e", "ac7714fac188ff0cc932f752add2c001044b4ff3fb4aa73f5c3ef6f2a2ed17cf", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b", "b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", "c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "key": "\\SOFTWARE\\", "value_name": null}, {"hashes": ["14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", "4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc", "2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2", "2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f", 
"4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b", "6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCU"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e", "18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Server"}, {"hashes": ["18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382", "716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b", "d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Server"}, {"hashes": ["b893c36382ab489f6f23979f547b79a861457f08e0421a49756482a50a8a6d44", 
"c0bc592589a215bb74bd525b44330246094db50cdeb5722d057485a7aff01156", "effa69e2b4b1301360f48fd51e759151a0ef8e656800d3da4a1107a590fc00ff"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dll"}, {"hashes": ["14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": null}, {"hashes": ["14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "ace5f789b508a16e2a2a9b81ae6a2f8152546eee393dd7b37677cd4e22b7354b"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "vlc"}, {"hashes": ["14b5b5b795998d35a0d7fdbec17264d677ccbe42ca0f0012ddea0b89c581998c", "1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": "StubPath"}, {"hashes": ["18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382"], "key": "\\SOFTWARE\\FAKEMESSAGE", "value_name": "FakeMessage"}, {"hashes": ["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "key": "\\SOFTWARE\\((MUTEX))", "value_name": "InstalledServer"}, {"hashes": ["d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "key": "\\LOCAL SETTINGS\\MUICACHE\\\\52C64B7E", "value_name": "LanguageList"}, {"hashes": ["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "key": "\\SOFTWARE\\((MUTEX))", "value_name": null}, {"hashes": ["18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382"], "key": "\\SOFTWARE\\FAKEMESSAGE", "value_name": null}, {"hashes": ["4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4YYH6UVK-0H14-53J3-2EKB-QFCG58W0Y54X}", "value_name": null}, {"hashes": 
["4ed0da4f544326ee3d2ab53698ad556a7d79f2c71489be7586cb9489462c438b"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4YYH6UVK-0H14-53J3-2EKB-QFCG58W0Y54X}", "value_name": "StubPath"}, {"hashes": ["6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4N6D64W4-JGT3-3SRU-VEIG-428Y3Y04H28J}", "value_name": null}, {"hashes": ["6bc1a651a94482ad19df56647fb5b6e9b87be392ee8ba96794a778b8b27dfb34"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4N6D64W4-JGT3-3SRU-VEIG-428Y3Y04H28J}", "value_name": "StubPath"}, {"hashes": ["d4fdf6ef3db3e219a672f7e7c18f81b3ded3d0639311cc8cb11df7ce0e128d98"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "msn"}, {"hashes": ["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{L026V375-M6QD-607A-01BW-NY4DH11HTA1N}", "value_name": null}, {"hashes": ["189815a3c61f115518eefef42514e5ade690d68c3f17cd5f25503114f8c76d39"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{L026V375-M6QD-607A-01BW-NY4DH11HTA1N}", "value_name": "StubPath"}, {"hashes": ["ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{HKFJB33O-E41F-M622-6AAI-IK4GC3221H7T}", "value_name": null}, {"hashes": ["ec04f36832901dfef1738c851a8f5df812c94762cf1ebdaadb2117f00b4e10a4"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{HKFJB33O-E41F-M622-6AAI-IK4GC3221H7T}", "value_name": "StubPath"}, {"hashes": ["716d6bb0792522da08ad4af7d0ad9500d25456c1138c6afb151a61cdac8c1d5b"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "xsnd"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": 
"\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{3I373X82-54W6-7K8U-880W-2D6FN4435373}", "value_name": "StubPath"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "rar"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "rar"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "Load"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "Load"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Shell"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Shell"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "rar"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "rar"}, {"hashes": ["96b451f2217da28c874d357e574911ab5bf1534ef57cad4ee975c14dc1efe17c"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{3I373X82-54W6-7K8U-880W-2D6FN4435373}", "value_name": null}, {"hashes": ["4840f56924ba0b45a510341a7b748ec5507aefa1cf451c6c42ac6a5755f7a76f"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "System"}, {"hashes": 
["1f89323eccd76c387a536cbed269f64ae84abe86a25474d73a8d9ea48bc222bc"], "key": "\\SOFTWARE\\((MUTEX))", "value_name": "ServerStarted"}, {"hashes": ["18f93702d819615f2c6132ff4c9b72fe82d857f8c72ef8c0fa0568cfb87ce382"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "update"}, {"hashes": ["2f4d1036e0074d324b78bd15da52c63602aa467455ba8271520b7ea96b620f0f"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{JFO4FG54-5NVD-38L5-60BL-UE4RPJUMA3HT}", "value_name": null}, {"hashes": ["2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{3P612TV1-BR01-S802-L72I-ST74A270CP07}", "value_name": "StubPath"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Sounds"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Soundss"}, {"hashes": ["064c44467f1d528ec2d7da3190f5d0f0760825dd78dbdcd0800b5cf93ddfc35e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Soundss"}, {"hashes": ["2ded94da0ecc3e9353762f4c097ab6bb4243ca51765e3075a60d575b4cda27c2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{3P612TV1-BR01-S802-L72I-ST74A270CP07}", "value_name": null}]}, "reports_count": 21}, "Win.Packed.Zbot-7595026-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", 
"1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": ["TA0005"]}, {"bi": "memory-execute-readwrite", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", 
"32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", 
"6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-domain", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", 
"1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", 
"hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": ["TA0006"]}, {"bi": "malware-known-trojan-av", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", 
"904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": ["TA0007", "TA0006"]}, {"bi": "malware-pony-stealer-detected", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "malware-fareit-file-activity", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", 
"c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", 
"48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": ["TA0007"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8", "1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zbot, also known as Zeus, is a trojan that steals information, such as banking credentials, using methods such as key-logging and form-grabbing.", "hashes": ["1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", 
"1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8"], "iocs": {"domain": [{"hashes": ["1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8"], "host": "aloucakbileti[.]com"}], "file": [], "ip": [{"hashes": ["1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", 
"6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8"], "ip": "91[.]195[.]240[.]126"}, {"hashes": ["1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8"], "ip": "108[.]166[.]65[.]182"}], "mutex": [], "registry": [{"hashes": ["1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8"], "key": "\\SOFTWARE\\WINRAR", "value_name": 
null}, {"hashes": ["1483f9f04971cf117cde479d601b247b2799922e733e5d35fd751dfb752c170a", "1a8719053b69c4a7c9276686eea82638f64c6c15c13ed44c532d4b650256212b", "2dbcea2a92e98a3a4d41a2b4e281aaa7247de43ebd3c19d6461f8a6a5d288a29", "32f4a6e21c6bb34c6a1cc0dd8cf8f796cae8f2e28f413b8b0b9498ae1679e682", "48335f0bfbdbd881848966178e6b993a8a6ae5ea7a68b31b985ff8c77fc259a4", "4c666cfa1f81701cd6756694a10e9840472ec0aef101a856b5f45bcaa4bef37c", "6f6d0d9bf3a2e132194c83d63f1fe5e6b6112cbb707874beb51d27e55ca16959", "904b1715e5ef21a0f8562ca8e785552459931cb7659fca83d5514e73b01e1242", "9e12ac912d40f689ba60b1d7297a834c7928e1ecd298d60847eec5b9a6b79017", "c71c0978b1eab31318e19dd3ba4147f947dfb88f2acba740c70ff9901bd1c732", "e2b2f54504e9f02a8cb68ea87e3f5fcebc32269e907c64a89d1980751d1d0ed8"], "key": "\\SOFTWARE\\WINRAR", "value_name": "HWID"}]}, "reports_count": 11}, "Win.Packed.njRAT-7595003-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "modified-executable", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", 
"65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", 
"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-uses-dot-net", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", 
"3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0003"]}, {"bi": "startup-folder-modification", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0003"]}, {"bi": "netsh-firewall-generic", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", 
"a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "malware-trojan-njrat-detected", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", 
"ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-parseautoexec", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", 
"a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}, {"bi": "firewall-exception-user-dir", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "mitre_attack_tags": ["TA0003"]}, {"bi": "feed-domain-rat", "hashes": 
["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", 
"ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "mitre_attack_tags": []}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "netbios-query", "hashes": ["c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-snort-malware", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "mitre_attack_tags": []}, {"bi": "malware-svchost-misspell", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "mitre_attack_tags": []}, {"bi": "malware-misspell-binary", "hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}, {"bi": 
"network-dns-safe-categories", "hashes": ["6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "iocs": {"domain": [{"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "host": "systeamwon[.]ddns[.]net"}, {"hashes": ["bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798"], "host": "shwii[.]ddns[.]net"}, {"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "host": "0[.]tcp[.]ngrok[.]io"}, {"hashes": ["6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "host": "windowshost[.]sytes[.]net"}, {"hashes": 
["65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158"], "host": "hell3324[.]ddns[.]net"}, {"hashes": ["a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9"], "host": "hidden4matrix[.]ddns[.]net"}], "file": [{"hashes": ["65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798"], "path": "%TEMP%\\server.exe"}, {"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "path": "%TEMP%\\svchost.exe"}, {"hashes": ["8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b"], "path": "%TEMP%\\Config.exe"}, {"hashes": ["bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\9bd3387f7e8abeb14efcb3bdf5e7c89b.exe"}, {"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\bb0e5f604f30988e0b2498356d0a2358.exe"}, {"hashes": ["8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\bdbc444244c8d079dd87ac27e84a52e2.exe"}, {"hashes": ["6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "path": "%HOMEPATH%\\svchost.exe"}, {"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "path": "%TEMP%\\svchos.exe"}, {"hashes": ["6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "path": "%APPDATA%\\Microsoft\\Windows\\Start 
Menu\\Programs\\Startup\\38407b401d4c3fe12e0aa019abfe1c1e.exe"}, {"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\9f78f6c54cd3644b404dda00839b7fa6.exe"}, {"hashes": ["65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\e425607c2d9b7766223c902817c469e3.exe"}, {"hashes": ["a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9"], "path": "%HOMEPATH%\\facebook.exe"}, {"hashes": ["a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\5ebda11b3fd5a5a7f5d1714d88c0f3af.exe"}], "ip": [{"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "ip": "3[.]19[.]114[.]185"}, {"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "ip": "3[.]17[.]202[.]129"}, {"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "ip": "18[.]223[.]41[.]243"}], "mutex": [{"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "name": "<32 random hex characters>"}], "registry": [{"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", 
"65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "key": "\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158", "6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2", "8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257", "bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798", "f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ParseAutoexec"}, {"hashes": ["bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798"], "key": "\\SOFTWARE\\9BD3387F7E8ABEB14EFCB3BDF5E7C89B", "value_name": null}, {"hashes": ["bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9bd3387f7e8abeb14efcb3bdf5e7c89b"}, {"hashes": 
["bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9bd3387f7e8abeb14efcb3bdf5e7c89b"}, {"hashes": ["bd2707d424bc88be4dfcdf7a7c0a6bc53aa9a760634be11222b542f289c18a2d", "c9dba92e18ca02c2ea1a007ac18ad149d527889496a892159eb3642229865798"], "key": "\\SOFTWARE\\9BD3387F7E8ABEB14EFCB3BDF5E7C89B", "value_name": "[kl]"}, {"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "key": "\\SOFTWARE\\BB0E5F604F30988E0B2498356D0A2358", "value_name": null}, {"hashes": ["8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b"], "key": "\\SOFTWARE\\BDBC444244C8D079DD87AC27E84A52E2", "value_name": null}, {"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bb0e5f604f30988e0b2498356d0a2358"}, {"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bb0e5f604f30988e0b2498356d0a2358"}, {"hashes": ["8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bdbc444244c8d079dd87ac27e84a52e2"}, {"hashes": ["3ef25d1d353980ad2520e32b1b572f6cc89f9663b5fdede26e82a0ada4923c01", "ba8e06b7a75909f51aa597425432c532a92061fcdfb4652c5ad2566189720257"], "key": "\\SOFTWARE\\BB0E5F604F30988E0B2498356D0A2358", "value_name": "[kl]"}, {"hashes": 
["8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bdbc444244c8d079dd87ac27e84a52e2"}, {"hashes": ["8e9b7527288d425e4ae9eaa8a1aa18b95211f633aa8c445d3ff3bb7d290e9099", "a3b9c055304610aa65535697bc17b5a4a24868f81d7b832013bb1efb544c416b"], "key": "\\SOFTWARE\\BDBC444244C8D079DD87AC27E84A52E2", "value_name": "[kl]"}, {"hashes": ["6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "key": "\\SOFTWARE\\38407B401D4C3FE12E0AA019ABFE1C1E", "value_name": null}, {"hashes": ["6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "38407b401d4c3fe12e0aa019abfe1c1e"}, {"hashes": ["6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "38407b401d4c3fe12e0aa019abfe1c1e"}, {"hashes": ["6d616a0f4624ac3bf296775b7d4f4463086874b03250c26f7d9ac70eead17de2"], "key": "\\SOFTWARE\\38407B401D4C3FE12E0AA019ABFE1C1E", "value_name": "[kl]"}, {"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "key": "\\SOFTWARE\\9F78F6C54CD3644B404DDA00839B7FA6", "value_name": null}, {"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9f78f6c54cd3644b404dda00839b7fa6"}, {"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9f78f6c54cd3644b404dda00839b7fa6"}, {"hashes": ["f021bdb5547ce84dc5a6dc3b49926db736b275823bfdf792a2643705724d99ee"], "key": "\\SOFTWARE\\9F78F6C54CD3644B404DDA00839B7FA6", "value_name": "[kl]"}, {"hashes": 
["65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158"], "key": "\\SOFTWARE\\E425607C2D9B7766223C902817C469E3", "value_name": null}, {"hashes": ["65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e425607c2d9b7766223c902817c469e3"}, {"hashes": ["65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e425607c2d9b7766223c902817c469e3"}, {"hashes": ["65d2420dd699fb1f44f67acd048eea2a25e38bf1d937c76409d3bab468504158"], "key": "\\SOFTWARE\\E425607C2D9B7766223C902817C469E3", "value_name": "[kl]"}, {"hashes": ["a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9"], "key": "\\SOFTWARE\\5EBDA11B3FD5A5A7F5D1714D88C0F3AF", "value_name": null}, {"hashes": ["a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5ebda11b3fd5a5a7f5d1714d88c0f3af"}, {"hashes": ["a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5ebda11b3fd5a5a7f5d1714d88c0f3af"}, {"hashes": ["a036f4468f651fcbdc9c127d6fd15a54e72e438d928558dc206fb36a154540a9"], "key": "\\SOFTWARE\\5EBDA11B3FD5A5A7F5D1714D88C0F3AF", "value_name": "[kl]"}]}, "reports_count": 10}, "Win.Virus.Ramnit-7597892-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "6e89caaaa958c55fccff5adfc9a2c48af0050133ea388aea0d611a39be24d021", "34d156c616d6afffc050fae92c5b9adff44272b171b60e70cb335784a2ad13b8", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", 
"e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "6e89caaaa958c55fccff5adfc9a2c48af0050133ea388aea0d611a39be24d021", "34d156c616d6afffc050fae92c5b9adff44272b171b60e70cb335784a2ad13b8", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "6e89caaaa958c55fccff5adfc9a2c48af0050133ea388aea0d611a39be24d021", 
"34d156c616d6afffc050fae92c5b9adff44272b171b60e70cb335784a2ad13b8", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "6e89caaaa958c55fccff5adfc9a2c48af0050133ea388aea0d611a39be24d021", "34d156c616d6afffc050fae92c5b9adff44272b171b60e70cb335784a2ad13b8", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], 
"mitre_attack_tags": ["TA0005"]}, {"bi": "pe-resource-lang-russian", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "6e89caaaa958c55fccff5adfc9a2c48af0050133ea388aea0d611a39be24d021", "34d156c616d6afffc050fae92c5b9adff44272b171b60e70cb335784a2ad13b8", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "6e89caaaa958c55fccff5adfc9a2c48af0050133ea388aea0d611a39be24d021", "34d156c616d6afffc050fae92c5b9adff44272b171b60e70cb335784a2ad13b8", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", 
"be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", 
"af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "modified-executable", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", 
"c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-known-trojan-av", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": 
[]}, {"bi": "modified-file-in-program-dir", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": 
["3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5"], "mitre_attack_tags": []}, {"bi": "malware-ramnit", "hashes": ["3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["6e89caaaa958c55fccff5adfc9a2c48af0050133ea388aea0d611a39be24d021", "34d156c616d6afffc050fae92c5b9adff44272b171b60e70cb335784a2ad13b8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-ramnit-mutex", "hashes": ["643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", 
"be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02"], "mitre_attack_tags": []}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Ramnit is a banking trojan that monitors web browser activity on an infected machine and collects login information from financial websites. It also has the ability to steal browser cookies and attempts to hide from popular antivirus software.", "hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "34d156c616d6afffc050fae92c5b9adff44272b171b60e70cb335784a2ad13b8", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "6e89caaaa958c55fccff5adfc9a2c48af0050133ea388aea0d611a39be24d021", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "iocs": {"domain": [{"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", 
"80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "host": "fget-career[.]com"}], "file": [{"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "path": "%ProgramFiles%\\Internet Explorer\\dmlconf.dat"}, {"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", 
"a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "path": "%ProgramFiles(x86)%\\Microsoft\\DesktopLayer.exe"}, {"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "path": "%ProgramFiles%\\Microsoft\\DesktopLayer.exe"}, {"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", 
"af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "path": "%ProgramFiles(x86)%\\Microsoft"}, {"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "path": "%SystemRoot%\\SysWOW64\\rundll32Srv.exe"}, {"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", 
"b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "path": "%System32%\\rundll32Srv.exe"}, {"hashes": ["3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "path": "%SystemRoot%\\SysWOW64\\rundll32SrvSrv.exe"}], "ip": [{"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", 
"3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "ip": "72[.]26[.]218[.]70"}, {"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "ip": "172[.]217[.]164[.]174"}, {"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", 
"a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "ip": "13[.]107[.]21[.]200"}], "mutex": [{"hashes": ["176b9a90fd733e2a9e1740f169c326d1e9283aca061fb347077dda1f7f57d9ec", "3525253f41b121d2355eb87270c8549d2ee43c39aaebbef5b3b59a282dd2d057", "3d828f510bacb5c21461913f8d3675a39a0aa4b0528796ae464340a6b6cb3971", "3fac755cdd70a60589efb24db320dfa9996f454298c30718cf82686de76d6a52", "643a1a549572481e2135c12ce90059e027e39eb5196ad4e297547574c04987f9", "80b91b5430c4200ddd41340d7ab5e72083ef5e2da2bbb62d21f93dab73b09374", "a3af4e90dc0a7cbb477be2d196dba7a0b4540a145075d1740deb9bd2a384be53", "af1ee4f6576c31441a2274c256d4607b756e97cca20782f4a48e2f1dbe73d00d", "b5065239929ba72b4ba764c7bd80e9a81a59cd37977a6a7a9044ccd08f443254", "bcc3ddeb859276e8b8d83e53eca72f22bb15131ff2be63b1847403f91c1c9ad5", "be71f31ad183c4c4987d9fbcb7618888f13c8c0472b7dccc451c7a576f50af02", "c0eef4571e9bf2e8a07986d4191a3bdec59e3b5781f067f774d178e5ffe3ceb8", "e77bacc45b82228bf607ff0d32fbff385fa74ee4e5dd77962cee5a6ff9832cd9"], "name": "KyUffThOkYwRRtgPP"}], "registry": []}, "reports_count": 15}, "exprev": [{"count": 3979, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 402, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. 
PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 340, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 109, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware, meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as Wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 89, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 82, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. 
Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 59, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 14, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 10, "description": "An exploit payload intended to connect back to an attacker-controlled host using TCP has been detected.", "name": "Reverse tcp payload detected"}, {"count": 9, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-02-28T14:09:46+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. 
Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Doc.Malware.Valyria-7595017-0", "Doc.Downloader.Emotet-7593277-0", "Win.Dropper.Bifrost-7593600-0", "Win.Dropper.XtremeRAT-7594794-0", "Win.Dropper.Upatre-7594799-0", "Win.Dropper.NetWire-7597088-0", "Win.Packed.njRAT-7595003-1", "Win.Packed.Zbot-7595026-0", "Win.Virus.Ramnit-7597892-0"]}