{"Doc.Downloader.Emotet-6765662-0": {"category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails and saw a resurgence recently during Black Friday.", "hashes": ["0da3104bfc37f64817dbbb0f5fd699c19db913b2a2f5c6f883b0813f1669638a", "1ca11cdd2bafbcd28491f6e46e1a2dfd9c435effb2ac941c7d164114d82d2aec", "21694e71a6d384e5080e422ca98dd16a52c39e430bfdec1732b3706c480914e9", "25fafc8f6d6819add0f2f907d1cf8a760ea0e4256b5a9997ebae705a7f40691e", "434a1520a7608017e839ecd8804d04ef5d53d0b1dfaae1e8865383510cb314ca", "46c708f3468052469785a18c61440521d05eeeb48625122b2f0879924fcf19a2", "4e03038cd03633b18f289487b717e6f9b75315c382794c73943092f6a90d170b", "6007e6c3de3dade995044f661cd8d53a9245ed12c1c56d427bdd3aa267398921", "6311b3f0767a57f8c7ee0c6e317fad84bc9d39a12e48f28505ecddc842a66095", "8286c59c07e75f97219bf649077d3ea44f497e715376fa867fec38fc34917ae8", "9248345ccc78b67a968c1f2082916ee58d0ce5642698a7a6e2f830f65937bc8d", "95696fdc9073bbb5feb71da630fa3c1f2255c3f7025bce4bc2ce7a0bda261bdf", "c060f2d8dc9a46d2805e514584fcdf02e39e2e56110c2ef0f0464e2ae40d3842"], "iocs": {"domain": [{"host": "p3nlhclust404[.]shr[.]prod[.]phx3[.]secureserver[.]net"}, {"host": "ejercitodemaquinas[.]com"}, {"host": "jsplivenews[.]com"}, {"host": "dealnexus[.]intralinks[.]com"}, {"host": "gvmadvogados[.]com[.]br"}, {"host": "infobox[.]ru"}, {"host": "chstarkeco[.]com"}, {"host": "www[.]infobox[.]ru"}, {"host": "www[.]legal500[.]com"}, {"host": "g-steel[.]ru"}, {"host": "www[.]gvmadvogados[.]com[.]br"}], "file": [{"path": "%LocalAppData%\\Temp\\GmP.exe"}, {"path": "%TEMP%\\GmP.exe"}, {"path": "%LocalAppData%\\Temp\\hu3xyaa3.0rw.ps1"}, {"path": "%LocalAppData%\\Temp\\mz5ranh3.2bk.psm1"}, {"path": 
"%LocalAppData%\\Temp\\CVR2D3B.tmp"}, {"path": "%LocalAppData%\\Temp\\~DFA8496BB3134EB884.TMP"}, {"path": "%WinDir%\\SysWOW64\\YC4GWpe1p4Ot.exe"}, {"path": "%SystemDrive%\\Documents and Settings\\Administrator\\Cookies\\administrator@gvmadvogados.com[1].txt"}, {"path": "%SystemDrive%\\~$4550683.doc"}], "ip": [{"ip": "144[.]217[.]184[.]168"}, {"ip": "198[.]0[.]36[.]237"}, {"ip": "162[.]220[.]11[.]30"}, {"ip": "216[.]198[.]175[.]99"}, {"ip": "71[.]179[.]135[.]10"}, {"ip": "184[.]168[.]177[.]1"}, {"ip": "72[.]167[.]191[.]65"}, {"ip": "77[.]221[.]130[.]34"}, {"ip": "179[.]188[.]11[.]22"}, {"ip": "74[.]79[.]252[.]106"}], "mutex": [], "registry": [{"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\mwarepwd", "value_name": null}]}}, "Doc.Downloader.Sagent-6766662-0": {"category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Sagent launches PowerShell through macros in Microsoft Office documents. The PowerShell then downloads unwanted software from remote websites. 
", "hashes": ["0093dcbd8f4bbe4b06e73de6de547ad5993077a113a44c4323a976433246b86b", "0842492265ff119471f0caa69725591341898fde26bf968bbd5471470154cd3b", "201227dd0b8a0fa4b3d9b9cddf1f209c6de1addda9bff6adce66a626838f7e66", "25884a9b024598d9acedc91f15fd6297cba4dc3f704d6a19f626c86e69667e17", "29932262d4afc2f1c90346e826a4df4d56f18bce251fb70993d6d601ffbe51ec", "2e3431ff0a71cbf27d91acbce1e1dc80e4ca59873f451dca029aa0548a732bd3", "30a2e836865ade4af8e8e35726d7187658804ae243ec4a6ef1085d27c2ea18ed", "3204ba3905b38598a69f46de696b2305f5d1052bf0c42d62facd220fdd6f59e1", "3d50876ea89c344ce580f8105d16077c6345a23cf8738668fb0985abf6dcd03b", "3f631a8710b38c08cc4ec7098949908017023ead46db09357c0cfa00e0f88b81", "42a55cc69003e563f10fc82e660da83815e969d1b40018a4687ff024f2745e56", "48c247e5dc712829c5af6a481e0466eb4c92d6ba88bd21bf396a72bd1b2ef22d", "50e0322b2884afb29a5d3d00b59a46ec1328accd770e877b03024eaa81d487b4", "5d4af8e033d5aadba853c0c16d63b672c521a93d5c595c8efde012e3a3a24424", "7d25d591fe5291003a2c43e8d479dfd06ad40c2720a9fc3ffe4b304b97678602", "8bf2b7e3d0b5d4928ba715c5a7060aea26a7c0fe487853135a03bf6d02af581b", "8ca568c68a48c2af33147af88da854129364ae3217832cdae95842101ca031b9", "8d782fc91c991a792498e33dc2db3a2c05f3a3630d6ee0ea5a616e95a67071ca", "8ddc6466bafab540c2efbb2b24492addb9e8987c0fd54676f68d15e23cbe3480", "9a43186e72bde764614b092b55d4dfba00f528c5f0d45e6ccb56dcee8763a845", "9aee7617f88dfffed06e6998a6cfaf8dc1f92dc2ab0164b495a4980fcb9799e1", "a0ad77058d9f583cc7d4127cbeb367e4d714968336157b8ef03e6945c260dc1e", "aeb657063c6507df8da52bc48126c8cfd5d0bd89113d00e4ea1e698f8fb6425f", "b1c0d21bd6c8e28fdebd78dd6505135b6cca400773990a89056de054ed7cbe29", "b66d3770ec1baa5f15c4665d3ca734c4613c0d6bb0e9c167de0a70b1a44f5a41", "b81bf71ac98a8a5b93b2e8f17b8af89a3c68b0d6ac295fdc28586c14bd43e311", "bcb6921aec5d0e201134064999809472447126914dba2915b1996703fdabaa24", "bcd87459541c8ccfeecf3f147b933f74f590e2660bd74f3bdb69d74fc2bb4abc", "bd29f86f8695e504052fab6af8da97b253d413dadeee9ac5a7fc91080b6d3720", 
"c842e7dd57e43b74108714f7431bcc6f0acb3885f1045746447e2f7164acdf39", "c8e023785c30c2821cdd6655a23790a43379026a37dcd3cc77b31c72785f5110", "cb3aa9cbb5d2f46fa62beb469a0d02091bac9e359225b2d7601852f19ba05262", "e3601377cb7ba43007ea91c6838cdd2a18b5b2994a1f84982067c115a4d98bfb", "e7311cccefe583c3607390d6a24b2193fb884c7f73d87e354b33fc667ce260d5", "e8135b1aa5b4985ff34d5fa91d39cc7676b09edb5a76ea400c5db6ed24c9edc6", "ef232b6bbcbe4b9615bf0b8a4fe72c0d0fc05f40996088f47758f8ad48283b56"], "iocs": {"domain": [{"host": "www[.]creativeagency[.]biz"}, {"host": "mandujano[.]net"}, {"host": "biogas-bulgaria[.]efarmbg[.]com"}, {"host": "mahimamedia[.]com"}, {"host": "www[.]brgsabz[.]com"}, {"host": "creativeagency[.]biz"}], "file": [{"path": "%LocalAppData%\\Temp\\zUw.exe"}, {"path": "%LocalAppData%\\Temp\\dxaf1lgn.ghy.ps1"}, {"path": "%LocalAppData%\\Temp\\mj5uf2iy.ilx.psm1"}, {"path": "%LocalAppData%\\Temp\\CVRE3A0.tmp"}, {"path": "%LocalAppData%\\Temp\\~DF21FCDFAA58A2E1E9.TMP"}, {"path": "\\TEMP\\~$c0d21bd6c8e28fdebd78dd6505135b6cca400773990a89056de054ed7cbe29.doc"}], "ip": [{"ip": "144[.]217[.]96[.]196"}, {"ip": "68[.]66[.]224[.]4"}, {"ip": "188[.]40[.]14[.]253"}, {"ip": "185[.]45[.]66[.]219"}, {"ip": "192[.]185[.]122[.]50"}], "mutex": [], "registry": []}}, "Win.Packed.Passwordstealera-6765350-0": {"category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": " This malware has the ability to harvest stored credentials, keystrokes, screenshots, network activity, and more from computers where the software is installed. 
", "hashes": ["02e17144bd22b469828d3a6663ce5ec0c87e24e729322cb97cacbcb4b2949033", "02fc82a18398f81deaee007c20d90e0e3c9722b30d2698f90e796023fc5e1740", "04757c1d814ad34c90bdee0993b86a0b33301abffaee9818310341a950cb9815", "0496858beb4cfd6709dff2122d85e33245ff41ec53831b8fcce61fc5702bef74", "04f66de839722231e20ae25ced41dca0f5e62d1e50b0accca5b65b192d6e4c58", "0526201aa5028da43a2e3d8192c2d62c6953e4f940a631a6365099a22c934200", "055b60ff72bbfc431a15134e7dac00b64a3ba6f53f8041b62d3676e2c0e517fc", "05a3db5d7b308fde9e5763fc960d88463eb1c517a1a645e9cd38229269bf1627", "05e18862ebc7be845735b589227ee2ae63ee66bc7ffb3755c52a8f84495d80db", "06b95f87826fe1272911920412ad972b931c31b1c785fa27ec05c177382da0b6", "06c4d3945b94f611019fc283b93fd63fb3f8405796db59cb5f8222782d0c7ea4", "0826278ce6120f1730ff87aa84ded08db3f6941cc910f46d9f57957ecf699049", "092c6895af99df4b4c094f62e3a92d6d8bf0088844b4b6bbf691bb4f625850d3", "0a46824e179fb9eb61835adb9c9a02919bf41a756f9dbf120cbaed51acf17166", "0a82eb0c8e3d7c2334c4eff82dc394f65654bf72b8ceb6e9d940d90ed3a6ba0a", "0af37d3cb266570cc11f48a4eff5fc4cc4636b7b180801e4cd677bd2d29ce22a", "0b5552c57c06a47fe86276ff15b2695ac2e9dcc6cad5f98f2ba5c43e14932b89", "0cbb8c5cac42acaaf4136770140177fe6261271ec1d035cd433a8b9a97e602d7", "0cff7e9d13a3216254aba643143dd218ca25ec2a503be1516f97a10fed1a151c", "0d07f7c0463a4db0108f63464284c6f278b5ebce3252c8c5172f51e123208d7f", "0e187bb3f6a4c196a92d1ccdcdc0db28861a0be845f0930a9eb308d27489755f", "0e428856132a0fc043f63994abd9cf9fe06975a21f16187d1758af8b73785b1e", "0e4a73fe7c720fa7b00134247ba8aae22ff6cf3cb4edfd994fb599c102462b4b", "0f4682294cea6ff676cc6aa4fbec8fb899bd3bda0b8f73c51e116304a85d5358", "0f5a78e562be95f13a1fd161b81f11f142e560758b48f12b631b83a38645817e", "0fc4990853c38020ef5cfc75736cd2277a7500025002aa58246d66484841f2d4", "1035511cec908d81ae99f0f2ec827fbb3ab50f342f688115fa623887a4b9a02f", "10a3b4bab7ac5cc9d6674d7f83252fb7faefe512732bc5d79aef69dfec2afd9d", "1132098c70ecbd06d062328537cda18ac0b8a7c6124ede875bac1bd31d521ec8", 
"11526a11980447139b44b7b187623bfcfabbf7c2d62160b0681d2415ff646c24", "115f91884f8a64bd8a26ef0bbb80871e9b47fa0a03ebd0bf0d2347ec44fabb96", "12be2e6808cc2a363d5854e3514b0bf95e8ad9ca3d50baec677fcb4084b09821", "16a0c12497a2b7f2b0336d0e190423719b8308233ade0b03139683d5dd392ee2", "1a28b92e50acc0104cdce2f7e4a72a83167e026ea30a86d982e836cd089708c1", "1b73318b4846403ba551d9c68cf3ad5e86c5184c12099fdaa9007cefa1766a64", "1c9ba7d36f2d7c38b876ac0ccd5add1a432ea7bfdbe97acf27fd87bcab79a843", "1e226b1aa6e0a6d5444cbd96aaaca34215ddf975e6fc09dbdac6cdef482f4f81", "1eb86fdb6e8c8bed78d4ff1b7ac2cf41d1b7d66c3f2702716091819397de74e0", "1ec57814deb347943e240f8c0e5a97ca3a385f29927850ae27b439295c605438", "1f02af8183416cef788aacb69b8ff3d5920774b5043811409d4417d59fb04aa5", "1f2feeb319c3af65c757ee0fa64e147e3c4a31756059442ffd5d33c23ae5d379", "1f9e2c941d880c08c06021851e5e7ef3916818a2ff06e353eea9fc9acad1c728", "1fbed5b7f53181997785d9c064997d67913a71e6d6132a86dc83253b595555fa", "20b4616bf6917feff6e4a818c326f773280722533dce64d108d81fba45925b86", "224446eac192f30a045fd50cf362237b16936002228e07044094f2428642c505", "227b95f67dc9018a66f1e6d03e796c89cc356803bde99eff477091375cd7f9fb", "2473519a82ef108dbe4105259e3ca25b4caef20ea16f446658715e5a48805951", "24f961d9d7a5351260a3fa16c2000c01615d0f1593b75260e28531002e9fe6eb", "255278ecb6c6a577b65c949a5587d6a4a4c902b1a3cea5ff243668212beff6ae", "25c4a28737ee2baa1e550b9def8301ddbb5838080f6ab91cd72527e8489d8c5e", "26edec6da24b1fbb76902b7f2970dd937b4cea79dfffbb781a2ead98c2c333d6", "2719ec1cabfb4d60759461545d673d0d9c48d4150a9f164a0b42f8f3a39cb629", "27696f0bf61da006aaf170058298e53b0f4d03ccbf0c9828719a11700eea388e", "296496b1669d93e92b61f73559bdbe44bac70537b69c691659b1c4fd91a1e525", "2b14e3e60454ac6427c8e23cdfb4766f9a7f41dfb675a6b114ea1668b8daf45b", "2c285b627005363f1e4aeb121c99614dca1103e957e25411583730482d3bb504", "2c342f1079deeeaf1fc8064458ecd819adbd14e1d3638aaf70bcca9b3a7d82f4", "2c3d96590fb20743ae02a4fe10b1af8535732a2b96e7ac6becea5fa1acdb7114", 
"2ef09f03cf0909b6598784ce0135b3db3d9528c4a355762f6625f83e45f6edeb", "2f8a72aa957b208389b71e2d6dc08e8487ea7b890a2af2bebf2d4add2911b976", "30b1df8fd1c8156985c5dff30b6446728db00dd154a63c2e727eb56fa9f39b0e", "319f50eb6fadf1f9a321e1973e87bc9c532451399338dfe518e77f5e5b7d51df", "32262b7964d0c45f9159d461d291739221480379844e992f234d199af992fab2", "325601678c756cc5d5a69916baf5eca851bada9242b3e5aef67fb864b9457162", "3283246cfce769860b29a400b9c63c8fe410ca3468b4565c108b94c7f86c6035", "3308fa29a4b7f67b039a9094e559a4912152ba1013c4631c21a022e0109fdf8d", "359eab6a1f3d756af4bf8e52c1ae6fd3951d6d99c7bef9d890522c5d1e373c06", "37b345ef17f981830925434e262d021e988db06926ca44a75489505f17bd1c01", "38918e6dc92e114397c273889e69850e1959afaf958e3e79e7373de86f7442eb", "39bcad31046088eaff4b9f2284a2e24c4dfb6a973783ee163e2cd11eba7f4393", "39dce816aacbe4ef6a3cba7bf0ca08ed2b6e2f1fae40519ce29b01fe49821a39", "3b0efff8c8b517f38a31ca5c85ef0374923e4aca5be9d3309166f8fbb0cb52a5", "3cd0ad0cef94eec6ee3a3a693ad2c12afca9a9008a0569249a9a2d64fd636715", "3cd63c40dca3181f7d151735c744260a92e756062f18f4393d05d205be58e587", "3d4c1333cdbb7546d72033a675f68ab395333b7b3142b37ad0d43484cdeb2a6c", "3daed9cbc70eb5ad4063f81a34c7fec03e0b179ab011070852754012f80eb83f", "3dd250de794a62bf05284218f3e6fb2509d16701e132b9f12c9b09e069dd15a5", "3e72f6df0a55a0ad7457d760a25eab22ef0d17490cf318df4422139e32966938", "3f2757b22f8d798d8a90decbd1bdd6b4aa94acf99379cd05853369ca35164d5b", "3ffbdf6533380d62b0d894e21959124153951f9253d76b8e4a952268f056518f", "4006d780625f371649c65c348ab19e3baca2146f50feb88854351f6adada9de7", "409663297b934353dc4e5d49c626e59ecfd9205574de6a8a71771794824d3341", "41a83bd63a865a6bc756bf54f8bd9928a03752a9a789d97e2c4d857163ece066", "42281e8c6dfb31d2e6e636f55fbb81e90977338792841b634529438e604925ba", "42ff1b53daee7854ab8279262c1d2332f2a650448329214ccd230aecc1fe61a1", "43daa2ec6a09a95d4e48002cbb797c66e0413d105c148d7c37b756eb05df9d0c", "471da16de021b1b9a9ddc866ad3344a0172753be340e81b703b8dd4bc22e1083", 
"47b425a4d1c8302e46315895a2c2874d622aa3a5baeb1458142e910894803516", "49024a38fa4b54ce9987326e6ebbb5bfdd871e6ee25872dd53c81a7e7463300d", "4c38bec69e67e77a67ba6d85bc0e6b17b66bc43a8f8e85c7bb59524960e082b5", "4c54b303783be6e3a64552f7a62852346426c24d76801598cd25ed9cd17cc756", "4e9f346ef93141ce78793308f70f134297bf64ce4d85ffef58b5bc8d15185ea3", "4ff2c2e1d4b6aeba273e7f020b64e4db0489459034a34b4a72cb7cccac3f8975", "500c8c943db7a6a415e4ef42497b1332a66a548a8d533683f85dfcb71e7b6cfc", "516da965178505bf1333033f97b071382fa23b9f8eafee3e408079aafb3af21e", "51cbb11596403cf966b7a7e656db18cd1a3baa3a7da6aa7caaa18247aa863077", "51e48929d9afe6c2b733fee1cc843c9d349385a1984927678a502c199e0af8c1", "52213e8f6ee81740b6ec6bfb23571f52bb870219d448276dd99ab4337d8ac582", "593ca35a4210717688e2ee81ec9c6a78b3a2300c01be4ef4f900642953877317", "5bba7ad2a7e30d8c2a1fbdcf0a218214c131c9f8bd8d00892f30430b9c41a4c5", "5bcd1005055a149e3918bdb04970f70433d98a9510822d70ed64c520be9a983a", "5c51e6f81f2f17bb3e415a2faf447a700546fd8edd4fc903f109d221a77d049c", "5c946e05514c971c296c56035dded71676517082c10b0d9ece9b562178796359", "5dd1ad67e2bb02ed3ec466894c2646d39c96fc7ea12b08576dd0ccbc82040c80", "5fb50249e315c14f5d3ecb55b279586dbf0f236f4030ab8eb8c25e582e67748d", "5fbf1cc3807f33986f8fa90c58d06673d468efc8239ec68e34b5841a4592b8be", "5ff1652abb7096714ae58bf4b337be216c4c04ef9300b4429fc775b46e9c2fbd", "6018172db80b7a2905f0707e3c50bd677ab237335cd0f949cf34f4d4e861eb96", "60d36f1ed4d89313f22129f25e91e7d90efd182704a7ebc9e2f9d8d4b6d6c7d0", "624debef567ac1b5622df33b25427a33c0238ba9decadca1412196859c566f84", "6449ccf71da9d8eefd7b76def11556c4863eef6d708dfe5fb3134aa199bb330a", "64e29cb89b86f6eb5c264a72b22c0ccca680dc96cf322527b355c6d49f9ceddb", "655f5ec104b4163416f06f4f25c8cea34d9a8feb4421224f31e97e8c5e713c4e", "65b03ff8a95afe49d954f6744376b1f0da4eca6920f1ecb9a22f862dd757abee", "665c5ee2878d7ac72cbb4a2b25a410caea524bae4bc65fe21f2f82313c9cb21e", "688ea1cfe49dc89eed3de909c6ad5f3ee62225ce69e19e615b018f4d52cf7c4e", 
"6974a9ebf17cf658b4a8c7cd74ed756b87f2f936f2a231d1ca4f35674d3a8d81", "69dce492e407aae98bb67f9ea7edaa2a7ae5a630cfbb06d880957de930e3122a", "6c4c3b1f613c4dca13eda8de8e9d90bc94cdbbc50f43611cd64e3055f4fb005c", "6c795491cb0b3489fe1ea2841170de8e196b083751aebd3d10351f3ca6c930cd", "6d9fc0f93233f09e38d2c585c8bfb26b775ae10cafa9c7da117c9fd4518e9d64", "6e700ca4ca3faeaab06db46d97c62c3529a88c26c9f9fb908c898bf0b1f69f33", "6e7d14dfba80d535b5790dd7064ddf9e6bc2e4514cd508affff57e8eda42c3e7", "6ef9501020f075805a2b229e99087ec376162eab1fd6c726967f88dbc22502ce", "6f13af67e737c1bccb98ae526504406a6d7ecefc5cbc386b6ba95e3fbd52b02a", "6f3010114ad4a7c4a55c2243e2a0a010335938bb973a3c0d2cbe0af93a0d99e3", "70ab79808422000945ed040f3c442d6dc780c3d13fa6f9465f6a9551a8ae724f", "714232dc4812a4139689dc498b44a51b2f882e801c6486250303726a883329b5", "7164d84652afbc35fb7fea6233fb72e7ce7e4c66e343c218ef3b6af4876416c3", "71ac8f0b89b4640268cb96b6c13e26a362cc2f1b1b7425179f1a8d9a5d0446d1", "71cf5ecd3af2c954c3fc3f748354736eae946ea0e72ee81e9856bba3d2588e42", "72908043f1afffd49e6559e595585c64c95a9152c446b50af48d7a18ddff3a85", "736c7035755d743b6c9df9cad48311d71794447cb95ff04b3991a89e134b4d0f", "7383ae41c10eca44a60dd9a122cb1e22efdeffec78e30357e61f27c0d6dd8f17", "74d86b07d680a360b695dae0025a08f55439b36af989e630de8d9f518294eb31", "775da5224d46407c3e776a8709ea80092e2058a3c0384e90adbfd6dbc1c2c188", "7aed10ef084eea9badbd5e2f2dcacd1acb4296fef12177acd2bee121445e64cc", "7bbc9ebe6c3023a87b754666e218cd4c8ecb6fe0331faf185d76beb75765c421", "7c3cf629770df8e325a83f0a43b28b5243f579b5ecaeffed71adf38a1b0c5b1e", "7cb9990053d989e361a1c1268deeb45df7d51716020aea9cf7af706272af8c44", "7cfe4c8cb4089c2ffc92ed06e977edb64cbace4ed5c4acab9db46ccc2f83b7e5", "7db69eb4310873d5cd0047363da21b8cf59aa18b5f2b8d1a6bcc8f1f4ad39b72", "7e4743b76081d2bbb96891fd2341ca23c43e43bbd930e6295efd1b3cd94f312d", "7fa144ebf6862be65fac7ff7943da404e7111d0fb8fb685d31da01a1c7edd598", "809fe64e1b92e87d6c41775997ccf4c24194d7a020ae32092cf28f4e40bde562", 
"80dfbc39c18e256669c82a4818889278081543e12363e43a3a4574160bf01442", "8217166ed0205fa222337302ae63f16f3da62c3b30c50f2c99f82373fde35968", "82666fa54e564d21e080b58820688d84e78bda5e42e008c12a32c95b8ca4f4b3", "82d3f46fbe79b1116dde2f4ce9f2ff7ca9eb2c9d96c35c170b8966da4953842b", "83c8e2e5a505d591b387457a2300d82943879c897e8cdc68df436ec1af114d6e", "84c51b5a19e2c3b276cb1a5cf8701ba75e17ce53aeb55058cfc67d51328c7b4d", "84ef408e4819dde0df8775cf3a14b758310c9f7c1afc6d08691b3459685c1fb6", "8640c8561da65373eec63b5a4dc683d670674fc67532aa33c64212441ac3cc6b", "869ed1aa922de05a5a091564f57b1ba9f7c0061547d8e282a14c7d926ee6cae6", "87636622e0d7a997e13506b75c9834296eb6aea6433b4ced626b9bfff625d0c1", "8776cef9805ffc2c120978076b66f5a2c297038a29bf739074c6a1f00e7c97c9", "87b6d20cdcef38bccf624c4347a81819df6ce95b2b57f5b560b5745bf639ec45", "895a297d5ed3649e1035cc99aef156b38c3c4e706f40c1eb70d8fab41dad12fd", "89fa4746bccfff9c12019fdbad263912a1d9c40362b3eadb4becb7cf27b06994", "8a20df964c662ca6e9063de40ee6bfbf191f9d48dbe7322d720e807c31132f88", "8a329fe82299b69a684b4d43fe17afc3e324204a2f0f44334a06d63a3c8c898f", "8a8a4b6ebb2afa85f0239d57efc7907df4785d763213fd32fa0d473641d1f94e", "8a9e6af22484bf6f9c14d106ec650d1e356025066215f8703f9d772115f713d2", "8bda7908a17944d4458f5665311973f1f649a5c0ce60062008eb2d27a91136a3", "8de751de7ea2dca25a48eb6e027b248b96619b3f90dd99c591e6ee73ffd2cf9e", "8e3728b622c029f8e2d68175588d5bf0d7f7732321a335fbb0c60e1d2d4b5230", "8e3eea0bd4813eab8d4d12b1f067bca065b57d0a0594bef9a324a11db919ec30", "8ea15324ab8bc9d0ce9cf58e3272ed9b0ca3fd88af1683fe48751c6b73801b26", "910644481bf8bb2aedf06ab01110c06442d44256b641d307dcd29d5b0eb794fb", "931143fa03cd94a70bb4df951918899b24ce85e78c00d12e43cc7e073d86d2dd", "9450ba4cef13f0cbfe37d36cf1bb9f832708ecc692d2955c69a3d037e5d45830", "9476e6534e8f5999a8bd7cd8db63240dc1a50ef44a0300fe5cc29fe09d6c8aef", "9482a7fcd384c8663b78e4f2837a7d7592e879188b82d9991cad842f9f5760e2", "949310948e4e601e7f649ee99410c67eab61b22b5a0acc33116d8c71dc674ba9", 
"956b91e659315409e5aa68b9f3373305e68d90fb58383d0e72a071ff4ddef6dd", "95d9cd642a6bf2274abd500810d65b6dcb25599dcb5a6ebfc81150151fbcc7b7", "9628df4228ac1d25147611460d6b4091e16be54c45c84d114bf37d99bc6e31d0", "969968bf15233efa6a11b34f0fd5806fa0c0d880a289e90eb79a021f2a0fbbb7", "97031a2fc52101a9b1a160a61f32f03baaa5aaeaa96c3e2ca54e32991d612788", "9d96b01a8542e7ad7ec180bf5214609618c42a35a85af54c0e2134ee7eebde89", "9e48b25bfdfc06fbfa54bf77053bf26a2f73f4ab6ce4048af6eb168ff1a910c2", "9e54982443152ec4f46d9cccb2d006d46e1394ff4f8b6e99f4b09aee5bf8a8ce", "9ea60377bf198ffd329c227ce85b151c5afa8dc886f21e72e26ee87ba1e3c7b1", "9ea8ecd9e125766cc21725c4e86ad371ab385431f2f4f8bb85942dd108ef3937", "9f1f79420758c9608113f90fbf43a74b5cc2305cadafb5352ac8a67b90ad543e", "9f37269a76271b89fc8cfe016707d7f96140be78adabf57892fbe77b103ca965", "a022c52f6f63f342bb8ee25179d90bb94ea24ec529b751deaa020da29462e0bf", "a04e11ea7a755de0f010ce32f114d162763d6be1c2468b0dcd1d7e656cbe3c45", "a051cc39a1209000353d26fb3fd12a23bd3b1a2e954915dc713fecb3d0c99bc6", "a21ace5085369880f08efd2debe4d85595d9bbadcce7ceeec1de69230ebfc286", "a2c0a9c85ccfa403cce28e684a061e0c025210fdc7c9fef06b3687ee06ff3ac4", "a2e5eec25b89e1170f881f89dd8e5378900518971733f91268e191a293083814", "a34efc6eacb603ce95b21b665b679970a636e04fdcb688433d66effc4fdb511b", "a3e6c2829d8be5b4aca1b9f9a8439627861428b534993fdb7846f053f78942e5", "a55d88be923106d361d39f2fffd582e0825552ba78e19163da0cb3c3fa6b68cd", "a69f752c45226c14aa95f3aa5ad0a69be7d31dd451c4918aba302890b22ac383", "a6a766a1ca7e572635942f0956de284b78ed07a15de1c22169b4007ef97248a2", "a7a53ec6971edaba1c82c05c722fb9decb9710e78b145933145dfe87e1702dfb", "a82c4db221af24aa13d940d53da72d83c730413749910504784682f82fa6b57f", "a897d3d0da2b7a81d3bef664a4dcbfc4a7cd5d8a1997da3497d41e97e16b53cb", "a92ceab6d038c54667368dbfa16cdc86529e277cf7b7f5f2bf3ac9d15ec64d2a", "a9aa2c0c52cbcff4cbf351526f43a9bc11b105648d493798e632ba0da7489f17", "aa58025d478e455d1f24c9f790316433f965d6015fef954da4d6717934b1212a", 
"aad03169563b22a454200c5ec502616e45e627e5ef6dbfb89ac77c68ac0c920a", "ab46d9db4b958968168763fa3f5f910c4ce0ead4aec6f32d9e973cef3443e3fe", "ab9e8f84bc160da89e1397a3fc1a47ec231b6fe44c36aa0e7fac3e9fbcfac4e0", "ac14af8e00bcd9c7089bd4328cd8eac2d282fa99a15811f5f92a05ae085802a3", "acb2d2684eb268b923c5e221f9172bd6d93ef675cd34ae6be054e53d4918965d", "adba75881a06b224e71727744877db6967470df0c26968991cbea20632dda862", "af0470bc140dd4ba79ea0b22be31b083ce0118a342ca331a3586b84f52b69d94", "af43a977c3ccf60ea67046d74ad7977ee14d1ae2890ecc8b23c8637cc97a1e8f", "af6698f456b08fa8009b5f73030e62537e400501c01534abed7266bae7d06b79", "b04bf2ea1274f139b6735430b5fc0af76e6734791105b5f36ca18a46d3c5f2c2", "b1ceefa484814e77eedc0a8011256a33b1fde7b06df722d5fd03fb61ca848e86", "b1d3e8ed68c3ec1daa01640cbf65780f86dd21378948d82721fac07da26e6282", "b40a36fd3e1468be37b1c4f1f021c088aa197b7e1ce5afe1866aa97b9d081ace", "b486906fdc0aef6fe418fef62e90308dd438d48f9f1ef47d1998347479275254", "b4cda00b82b7bf64b6bc70acf1c3a5576c7b666c3f37f5a96ff6b00e5f1cb9a7", "b673527905b52ba57aeebb1241d1c9cff7ec1c25e4c167a6ade99b4e4cee5faf", "b85a590854186636872f1c834a019582e66f7faf5bb3411bdd1c8a6a7ec9ce96", "b8ab2332d5d62a63aff2c0950e8c7e75db1a73aff47bc9b06578b857faf5c287", "b95676a60e3586b9b239eb5d707489e4a8e30a8133aea4621cd64e7eba19d955", "ba52336d848d01eec779b285c5f2bd56b2c4a3aa9e9fd2d51746c2913b936a93", "ba58119b94c109687f7bdc652ff210501a1ba95214f342e8d4f7423b3e7118ea", "bc7170b6876f33c5779f265c62414c906565626f84ba3121ce3613f4e05e977b", "bd378eb17186ecba2ccc6db2a1e88776ff353a32b7bb7b86be76b636f38b630b", "bd5b826333616570eab1bdcf2277d8caf03557396ebfe7aa9bc1b38913d9c1e8", "c01c6a54acaa0296d466c0cbda7e455ea87cb27230db054f9363aed1ad80b855", "c045fb88c4b9e1e552ef68f926826416d01bb27244518a6614d6b217630a5eee", "c1023ed216d8eab3adc938d5b5947c782ce02016a9cfba4c4e0608adb11dde71", "c138d06c5e2ab270c997943b9e06ac704d3c1e790c1cafb59f1815b34b3557fd", "c20d987487eb138fe63827a74dc2162fbcc8f06fe578426acc82a7238ca151a4", 
"c230e6d03cf562f124190d60742765b7874574e3d51e603ee48860e6f3447ba8", "c25fc75636bc25658604eeff46105df124bc4f8657c9f9112c7ab649e3276489", "c28f2104c2864fe60b38eb80e67bc2ff5c40ef7e19d307b069999c06c497da7e", "c914848e174b59c8f38360406d95d6007dda5ed9e724e278989fea81b988c477", "cac7581cba33361a4daec35b2aca214c852eca14f647cb6d058a3f69d5466b14", "caf68f600e794bbfb803744ba967e2ed9b1f1f35b46d0279a73858e00534258f", "cbdfb5df6c9a232d17ecca7a2a115dbe30f861aeb15b380a35cdebeb35fe6e36", "cc210f7ad37686b61b03f17f07bfc4ec54e0b52a1942246c8ac209b4928756dc", "cd1832fffcd0c4019fc65d82623bce27b787b8993516a67a9f9c0d4b2ea8521b", "cf69a85c610a8586fc494fd893bbbe59330ef60d63e7aed13dc8c9dae690e553", "d05fe522243ac44b56a5661ff1eaec042f33b7053f668997a98be9a5f6d929e4", "d13cf79a5f567c85f6816122a10f72b8c773e863f356e57aebcf075e1ba23a0a", "d1442c5bc2a447da083c0c0dfd68a1d00e8bd28bd138ec97dd50b346a7de5287", "d274c9c332c96962b68dc3d09bff90db403ce79eb14f8799c65345dc3e873ee4", "d3b27c89a99d054adbbb00d5f67058a79265341911808e066b94b19be62654c3", "d3e04a15da52097d14b8a92db0223b392ae786a5d0a8099514c20ffcc57fb4d8", "d5614b7b71dd9805bd602cf056fc80e13294815e3a2c6264c7727d45cd299490", "d5c72d2328ce78e4bfa344f1f62c8c4dbfd1aba4ed2d795ef265d0b28e466b52", "d8dafef38347ba0064f7a9edf1a6193b1877aa4d73c8f7333f32e8e44532d85b", "d976d834002b681ca8e310888effcadf33e44647e4f96f332c79824247fe9dc1", "d992ec3be0ba280a529b4fe08c7a7ace283f9afc469c24b8f46d8b2b7688f193", "d9ce8add023a4f117fb8773bf5c1fe2e87ee778fc805562fe392df2627c67ad9", "da0a678484fdfe98c590969b36541cf1abc25ca607171436a6775fb51643e7d6", "dd1d532046c59b3fc5721e33eb28ce09b8726d2d6af53f778dd548d160ecad38", "dd4dda5739c1e065b00f55a69c9bc028540f9b661d712a82a96f4f2e24a9b99d", "de3e1299c030c8108ddc1d4e11f904af5924c59f952ed9b3034a39d2cff2a74c", "deecdcad0ed84b70027f1c38f6524e033c8dc4e7cec7da95ac48f01973bb1518", "df2040856681a09bdb6940e56dbce6cdb832ecbdff78218f75e93dd9fd8b5a2e", "e29eb0db8df310cf89852b7f988fa3ed936bbb4cc47bc9f5836bd1f445c17c96", 
"e2a931b55d4d2abe01372fe080394cd94d658373593092fd6b83a3a9c42a2a4e", "e2c2e7493eacdf9265ad1d0750d1d141311f82f1c6003bbfee3d41ac5994796d", "e4bb6c8ad92c6aca572cc82e06181d996094c2b334f8ec25c1fe1dea09f6272a", "e69a2bcab088a428dbf07e7fb8ffb51f7cc22baa46b7127b674bc2d64f4b9eb3", "e81b61f04a430509516c79ade036a78bfcaaa9df279987ff71442dfb56b86fa6", "e8f839603e1f543c9230e73efd472ab438b94a7a2f4de6c61e7885b3bc7d56b2", "e9ea623870cb765a0c3e6c6e4851d170fae3c038c539e3ef0ad2a6e795dd2d5d", "eb1e369c6ad2b7f914799b2d3893888e5f117589056f99f2f185d9577e22cfac", "eb477459f5b0280a8e2fbe26f9360ed5df173121f097f08fc5d631be1eabd356", "ec34195066674584ca7138fa50c715fb9f3e6db5cf5909c879c2b2994d8a76af", "ec37c70f465f6b259fb3405892360d5a1eca013c9d01f61e18d73367d82e14bd", "ed38625b6129d88b3ba8c088737870298a5a634de4cbceffc04ceeadf4dde3fe", "eda89f9f3c0586267912c8aac86b012ac40fd9fcebbcf8291127b2e6589400f2", "edf2836bb723211db5637de325be64828e2a634479d5b4ce83ba2e1c1e13045c", "eee286a32372e4304a08ec6fa9202a6363e45e13651d64312a6b550d6e05afb9", "f359630547091a993b2b70c4e63b8eaf37ea6f77692111752ae58db92887bc56", "f3adf391fc8d371ecfce1bc95b2459acb11813241adf499d3ba533a35cb739eb", "f5073073626b0162f8e566da3a8bac30527ce1de4472caee0acd0fffc38f9299", "f52842bcb241348fc2f11de0e8748725b20091fd8b4edcfacb250eec4b51c1db", "f593a3c6e90705af485d5b744efb978aba486b230650f08bce0800d07b352659", "f5bf4a5edea270f5cbcdb0491f682cabb438f91a6f1027f7cc22d1091a741d5e", "f5fbaadb0e315e3c0ff215ac43599a871dcddfe65a6c9d637c1a8d1363b51d6b", "f6a1088945cfbd015fbd6da0412bb6f15ed312b07042ca80f8c0a7b1a245e34a", "f6f2c7984d369677df45272d38b01167e3ffc6a8080a816b14cc2f6135703076", "f72fdc4a21cbc3302d44348e3a9e9f28d978ad65ccd553707a1dfe8d4dcd43f6", "f7d5eaa0d6bca42fa72f83b4534bc0213b8fb4a3c0b08c3f28c71eccf80079cd", "f7f3114516fcd25c58ae7cbdd36f8d4a1efce189f0b802f71c0ff6af0783219d", "f87026bd77942d2070c088225659523892bdc8d9535408ad268816b3c1736ccc", "fb9a8a98b737d75026ed8176ceac8ffcb4537b528103593e64ff21b556615351", 
"fbea3b028494cca86e1d38ffeaf223cd9b0f370b5fb5a9c85fe7b337c8a860c2", "ffd41c720483a65462fccdc99fd251690765af208a1dd011e3a1db95db7edef2"], "iocs": {"domain": [], "file": [{"path": "\\??\\E:\\Sys.exe"}, {"path": "\\??\\E:\\autorun.inf"}, {"path": "%LocalAppData%\\Temp\\holderwb.txt"}, {"path": "%LocalAppData%\\Temp\\holdermail.txt"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\dw.log"}, {"path": "%LocalAppData%\\Temp\\bhvBB7A.tmp"}], "ip": [{"ip": "173[.]194[.]175[.]108"}, {"ip": "104[.]16[.]17[.]96"}], "mutex": [], "registry": []}}, "Win.Ransomware.Imps-6765847-0": {"category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "This is a trojan horse virus that may steal information from the affected machine and download potentially malicious files that spread via removable drives.", "hashes": ["504c6e964c591cd6b4aac5193600058863a5c3c3b9ae7e5756315114fb032a11", "52691c9c33c0b2707d74cca5738a15313ccd5264279a20933886a1f4d60aaea1", "6acf9095e1f5725380bdac7fd7d1d9f07fdb44daa4682c2c8ef001094252d699", "8c84a6d109b529446bb89ae69175f848579699bfc0bcb6dd23a2cdfd31b48f43", "8d19e0e2b8ca2d659ab37a67e094d09b3e208453a2db48fea93840a203f3e7db", "982024167a8bc0e5f6fce2b476655b91c821d09f324f95e77f0d38358d1a881b", "9c2d5ab12e6f67faae5444007b9135834af71cc5e23c53801fa39877b9068101", "9c4780fa358ee65ac1f2361e1e2757f475674145977bfb8a43870538dd6f85ca", "a3786fbfefcdec86bfb9ea1f4d14faa1285dab5bc846ba556b6b9ba3c974c420", "ca7073947e41d18d30565366df2522f12bbeb0d4a856e1572d654a3d569bd3ce", "d2482568a93e5755ff97a8a481e92db8d3f2e4995ee310645f9a1951a9075250"], "iocs": {"domain": [{"host": "s142814[.]smrtp[.]ru"}], "file": [{"path": "%LocalAppData%\\Temp\\98B68E3C.zip"}, {"path": "%AppData%\\Microsoft\\Network\\srcc.exe"}, {"path": "%AppData%\\Microsoft\\Windows\\audiohq.exe"}, {"path": "%System32%\\Tasks\\ApplicationUpdateCallback"}, {"path": 
"%System32%\\Tasks\\System\\Security\\upjf"}, {"path": "%System32%\\Tasks\\System\\smartscreen"}], "ip": [{"ip": "185[.]9[.]147[.]4"}], "mutex": [{"name": null}, {"name": null}], "registry": []}}, "Win.Virus.Sality-6765491-0": {"category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Sality is a file infector that establishes a peer-to-peer botnet. Although it's been prevalent for more than a decade, we continue to see new samples that require marginal attention in order to remain consistent with detection. Once a Sality client bypasses perimeter security, its goal is to execute a downloader component capable of executing additional malware.", "hashes": ["055dd786fbb1c16e793f806368aa0f05ab7ef45db767fe5a7a829f11da37da0a", "14f659a71058babb085af0f228c34339da3f124fdd66f63976357d64e69c661f", "1daef9e1a3fe804680acf7e0a64724d4c106fea7aba46d437738b7ab72cff59d", "3b6a5842eeab177d8d869f8eac9aea7342cb1117ac063e4cc2e3c4298107b028", "5d83a8691b914f3971c6b91e8c82803b479ae70756cfbeb987ddb842eb399d8a", "88f585ed82535a991dee6b054caf7efd9f4bb54acdde8fdf7d05eba8997d1058", "973dbe64453445eb82a2e619842f46c8ed3e6ca74533db582b472e79bc01601c", "a28cd979f9395cc482d9de5d7fd676a379e97920a37784763bfb72f348556cdb", "d746b850bf25ef3872d33c3b0067910b8d075a0bed0af89c3c14ecd2efee3fab", "f2864685d01a793c2e76191d3be5278b6e1d59a9fb5b20e7a229e3d634108c8c", "f6c27d2fdfed0a6b67e5aee197388797ef77a4cece21c849ac096d075dbd93c9"], "iocs": {"domain": [], "file": [{"path": "%System16%.ini"}, {"path": "%SystemDrive%\\autorun.inf"}, {"path": "%System32%\\CmdRtr64.DLL"}, {"path": "%WinDir%\\Temp\\CRF000\\APOMgr64.dll"}, {"path": "%WinDir%\\Temp\\CRF000\\APOMngr.dll"}, {"path": "%WinDir%\\Temp\\CRF000\\CmdRtr.dll"}, {"path": "%WinDir%\\Temp\\CRF000\\CmdRtr64.dll"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\bkhxl.exe"}, {"path": 
"%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\pelbwv.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\scih.exe"}, {"path": "%WinDir%\\Temp\\CRF000\\creaf_ms.cab"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\tlinwq.exe"}, {"path": "%WinDir%\\Temp\\CRF000\\mint.ini"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winbdaue.exe"}, {"path": "%WinDir%\\Temp\\CRF000\\mint32.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winbhys.exe"}, {"path": "%WinDir%\\Temp\\CRF000\\mint64.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winbqckk.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wincsbehn.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winfudq.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winimau.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winjcsnxu.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winkggnjk.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winkmdt.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\wintyttku.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winvcpbm.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winxraoo.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\xatik.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\xovxjg.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ydgy.exe"}, {"path": "%SystemDrive%\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\ysrnph.exe"}, {"path": "%System32%\\drivers\\oiihn.sys"}], "ip": [], "mutex": [{"name": null}, {"name": null}, {"name": null}, {"name": null}, {"name": null}, {"name": null}], "registry": [{"key": "\\SOFTWARE\\WOW6432NODE\\Creative Tech", "value_name": null}, {"key": "\\SOFTWARE\\WOW6432NODE\\CREATIVE TECH\\Installation", "value_name": null}, {"key": "\\SOFTWARE\\Creative Tech", 
"value_name": null}]}}, "Xls.Downloader.Sload-6774021-0": {"category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "The Sload downloader launches PowerShell and gathers information about the infected system. The PowerShell may download the final payload or another downloader.", "hashes": ["06f128b08f332142a5e0cb8d6c26a780316623ff62673684ccb9f37f98e3f87e", "07b4dc36a3389ef60f3444bde94f6b9440e6cd2d658671096d01e4909a0044e3", "0fa2d0e86ffca3b299776ef219a1ca248f8bc89eb866c39894780c97859c7540", "132a3cf5d1534553294af816d2796d21c2a7a379eb3fbe6f67e8fda895a68a77", "15c3daf032053b55a6bc280ddbdadfa668172a43609da78a421856b5f84f1381", "24ccc8f6607e2577e1fa9e3f3cb474e6a309f420765bff7d64a38ba1c6a2d508", "393326257ec1f08c2379a375308e0b5a6879ffdb8d68362f46a6a56f2fa9c0b1", "3bfb9adbd0af64301780ae06f4db63fcceb21dad38a8df0f6023c60d51fc71ac", "42728401a73b538b441d0643b302122f03960a26d8f2513af5a780e24bfe9817", "511b09caf3e19d96a2e8606c35ef9e39e18903e7895ae225dd7807cd46d50c21", "55e145df9b9668105f52c6f61e5ca6d421edf7fa1856af1162452a7dce6b6e3c", "5dfe4ad7cc7866e81248aa06e2c8204f6007e9694a5d1a4d6739d9a313ed249f", "5f8fd3edd5feaf3bf12702d0bec48df5710bac2770b59aedeec46c563f2f4df9", "6a7e95ffccb39bce1203731899b14adba3afd79d7bda7f783256011c510ffd0a", "74a2bd67f90c0d6d906286d4aea6de32bd9bfb05ac631de15b8429758573d22f", "7559d01473ed8f6a5d101e39ca32f5d2a975a018a017100967417c5ca8f5f578", "983b13f4ae9b8b9dbb6fd5e4fa024e862628bd748d2ece92cf4b4c2048d88ad7", "b90eb4806c7f5af1b79652abbe4ece28d59dcfe345657cc6e5a04f52e07ded0a", "d23817b23214e53ee9400e9a307b522add72c875d3c98ba397525ac11c963379", "f06ebe75d30a2855c3dd1c6e7b3430765213c52db423f818f770b74329f451a1"], "iocs": {"domain": [{"host": "ipinfo[.]io"}, {"host": "images2[.]imgbox[.]com"}], "file": [{"path": "%LocalAppData%\\Temp\\psefaeec.nvt.psm1"}, {"path": "%LocalAppData%\\Temp\\yb31jdzi.jxl.ps1"}, 
{"path": "%UserProfile%\\Documents\\20181205\\PowerShell_transcript.PC.ZR0bVMzf.20181205131554.txt"}, {"path": "%LocalAppData%\\Temp\\CVR1B6D.tmp"}], "ip": [{"ip": "216[.]239[.]34[.]21"}, {"ip": "64[.]210[.]137[.]102"}], "mutex": [{"name": null}], "registry": []}}, "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2018-12-07T17:37:36+00:00", "version": "1.0", "warning": "As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness; several of the listed hosts and addresses may be shared hosting or public services that benign software also contacts, so treat matches as pivot points for investigation rather than as standalone block-list entries. Domains and IP addresses in this data are defanged with [.] and must be restored before use in searches or detection content. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Xls.Downloader.Sload-6774021-0", "Doc.Downloader.Emotet-6765662-0", "Win.Ransomware.Imps-6765847-0", "Win.Virus.Sality-6765491-0", "Win.Packed.Passwordstealera-6765350-0", "Doc.Downloader.Sagent-6766662-0"]}